Which cybersecurity attack is currently your highest priority (to defend against)?

Leadership Architecture

Ransomware and multifaceted extortion33%

Business email compromise40%

Third-party vendor compromise (supply chain)17%

Cloud security incidents6%

I have no idea1%

745 PARTICIPANTS

4.2k views2 Upvotes1 Comment

Sort by:

Group Director of Information Security in Banking2 years ago

Attacks are a symptom. Attack vectors are more important to identify. As an example; Your choices of Ransomware, Cloud security incidents or even 3rd party vendor compromise, the attack vectors is 'identity compromise'. Identity compromise can happen via insecure account credentials, loss of API keys and secrets, session cookies , tokens or inadequate use of OTPs. Now if I flip your question to read,
"Which cyber security attack vector is your highest priority?"
I would answer in below order of priority:

1. Credentials / identity loss of web facing applications ( missing SSO/PAM integration).
2. Patchable vulnerabilities exploitation of web facing applications and endpoint desktops. (Broken / insufficient patch management process)
3. Compromised credentials on admin endpoints (Inadequately configured EDR and missing least privilege access user account on privileged user endpoints, making them susceptible to phishing attacks).

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

What is your typical weekly work schedule look like?

< 40 hrs11%

40 - 55 hrs69%

56 - 65 hrs20%

66 - 75 hrs7%

76 - 85 hrs1%

> 85 hrs

View Results

We're embarking on an AP transformation - has anyone got experience with Coupa, Medius, Esker, Basware, SAP or Oracle for P2P that is willing to share insights?

When evaluating vendors of Point-to-Point Ethernet WAN services for your enterprise networking needs, which four (4) product features/capabilities would lead you to choose one vendor’s Ethernet over another?

Low latency30%

Global availability of services36%

On-demand provisioning40%

Flexible bandwidth control35%

SLA agreements/ QoS34%

Low cost29%

High bandwidth availablity (over 10G)13%

MEF certification9%

Pay as you go pricing model6%

View Results

When it comes to the vulnerability management process, where can current AI capabilities provide the most value? Have you had success with using AI-enabled tools specifically for deduplication, false positive reduction, prioritization, etc.?

Which cybersecurity attack is currently your highest priority (to defend against)?

Sort by:

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

What is your typical weekly work schedule look like?

We're embarking on an AP transformation - has anyone got experience with Coupa, Medius, Esker, Basware, SAP or Oracle for P2P that is willing to share insights?

When evaluating vendors of Point-to-Point Ethernet WAN services for your enterprise networking needs, which four (4) product features/capabilities would lead you to choose one vendor’s Ethernet over another?

When it comes to the vulnerability management process, where can current AI capabilities provide the most value? Have you had success with using AI-enabled tools specifically for deduplication, false positive reduction, prioritization, etc.?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

2024 Product Management Priorities and Challenges

Data-Driven Customer Experience: Uniting D&A and CX Teams

Navigating Economic Uncertainty in 2024: IT Leader Perspectives

Take Your Insights On-the-Go