Three-Quarters of CISOs Predict Another SolarWinds-Style Attack
Some 84% of global organizations have suffered a serious security incident over the past two years and a majority are expecting another SolarWinds-style supply chain attack, according to a new Splunk report.
The IT data platform provider interviewed 535 security leaders in nine leading economies across multiple industries, to compile its latest report, The State of Security 2021.
Of those that were successfully attacked, email compromise (42%) was the most common incident, followed by data breaches (39%), mobile malware (37%) and DDoS (36%).
However, over three-quarters (78%) expressed concern about more sophisticated supply chain attacks coming in the future.
Cloud complexity is emerging as a major threat to global organizations, with three-quarters (75%) of respondents already using multiple providers. Over half (53%) claimed attacks had increased in this area during the pandemic and 76% that remote workers are harder to secure.
Nearly 90% already run a substantial number of their business-critical applications in the public cloud.
Two of the key challenges of securing cloud environments highlighted by respondents were: maintaining and enforcing consistent policies (50%); and the complexity of using multiple security controls (42%).
Splunk urged organizations to modernize their Security Operations Centers (SOCs) with new SIEM platforms and more automation, such as in user and entity behavior analytics (UEBA) and security orchestration, automation and response (SOAR) tools.
It also advocated a zero trust approach, enhanced staff training and improved insight into network behavior to spot lateral movement more effectively.
“That modernized SOC will include an arsenal of the best tools and customization available. But that can create its own headaches, in terms of training and the ability to understand an incident with data from multiple sources,” the report concluded.
“In a complex, multi-cloud, multi-service environment, it’s essential to be able to see across all that data, not just traditional security data. This highest-level, end-to-end perspective is vital not only to security and compliance efforts, but to successful development and operations as well. A consolidated view of the data creates a single source of truth for security and IT teams.”