Senior security and IT leaders point to employees and their companies’ own supply chains as the source of constant risk of malicious and unintentional vulnerabilities, exacerbated by remote work and cloud-based environments.  

The findings came from a qualitative survey conducted by CRA Business Intelligence  and sponsored by Mastercard. More than 50 chief information security officers and top security and corporate executives from companies with 1,000 or more employees responded.  

Click here to download the full report, “Are people missing from your cybersecurity strategy?” 

Conducted in North America in February 2021, the survey focused on three key corporate vulnerabilities: the constant cybersecurity risk, both accidental and deliberate, from employees; supply chain and third-party risks; and the risks posed by the cyber attackers themselves.  

Respondents said blurring the boundaries between work and personal computing exacerbates the problems. Even before the pandemic, global workforces were often disconnected, making it harder to maintain consistency and push out security patches quickly.  

While the recent SolarWinds breach turned the spotlight on the corporate supply chain, executives were aware of the threat third parties pose and the responsibilities companies have for dealing with third-party risk management.  

The security environments of third parties are often seen as opaque and uncontrollable by many cybersecurity leaders and most acknowledged that they had limited visibility into the ongoing security control of their vendors, partners and contractors. Most of the executives surveyed recognized their ability to manage this type of risk as “needing improvement” or merely “adequate.” 

“Although assessed during onboarding, we have limited visibility into the ongoing security control effectiveness of vendors, partners and contractors,” one information security officer for a health care company noted.  

Executives also expressed significant concerns over keeping pace with attackers’ volume and persistence, noting that many of today’s hacking groups are well-funded and trained. Zero-day threats, phishing and social engineering attacks with associated ransomware are among the most persistent threats today’s CISOs and security teams face. 

For more information on how you can partner with CRA Business Intelligence, please contact Dave Kaye, Chief Revenue Officer.