Yahoo Finance Digital transformation impacts on cybersecurity for organizations
Emily Mossburg, Deloitte Global Cyber Leader, joins Yahoo Finance to discuss the focus on cybersecurity for companies amid digital transformation efforts.
Video transcript
JARED BLIKRE: Welcome back. Cyber attacks are on the rise, and Deloitte just published their Future of Cyber Survey. This covers 600 global organizations, their c-suite leaders, and what they're facing as they seek to improve their cybersecurity protections. And we want to get to some of those insights, and we have Emily Mossburg here of Deloitte. She is a global cyber leader. And, Emily, let me just begin-- what are some of the findings, some of the big picture takeaways from your report?
EMILY MOSSBURG: Absolutely. So glad to be here with you. And you know, a couple of things really jump out. First, the amount of digital transformation that has been happening over the course of the last year and a half to two years during COVID has really impacted the complexity and the technical landscape. And we're seeing that that is causing challenges from a cybersecurity standpoint. And it's really leading to the complexity in managing their cyber organizations and their cyber risks.
We're also seeing, though, that this continues to be a priority at the executive level within organizations. We're seeing an increase in reporting of the chief information security officer to CEOs, with a third of CISOs, or chief information security officers, reporting to the CEO at this point. We're also seeing that the boards are really getting involved in overseeing and understanding organizations' cyber risk posture.
And 70% of organizations reported that their board is speaking about cyber on the agenda on at least a quarterly basis. So we're definitely seeing a raise in the level of focus and executive attention in this space.
- And how much of a threat are these risks posing across companies? And what are the different types of threats that they're looking at?
EMILY MOSSBURG: So the top threat that was reported in the survey was ransomware. And 31% of the organizations noted that ransomware was the largest threat. And these threats are very real. Especially as we continue to evolve and drive more technology through everything that we're doing, we're seeing a convergence between an organization's IT environment and their operational technology environments.
And that means that it's not just their internal IT systems that are at risk, but in many instances, it's the products and the services that they're delivering to their consumers and their clients as well. So we're really seeing a huge impact at this point as it relates to cyber.
JARED BLIKRE: Well, as we're seeing the structural shifts, everything orienting around the cloud more and more, I'm just wondering what are some of the specific things that companies are doing and plan to do in response to this shift?
EMILY MOSSBURG: Well, it's interesting-- there definitely is the continued focus and shift to the cloud. 94% of the CFOs that we surveyed said they had either moved their financial systems or were intending and planning to moving their financial systems to the cloud. And with this, what we're seeing is organizations are now dealing with very complex environments.
So they've got legacy on-prem or on-premise systems that they're managing. They have cloud environments. And in many cases, they're managing multiple cloud environments. And what we're seeing is a real focus on making sure that there's an ability to see and to drive visibility across all of these different environments.
And what that means in terms of that visibility is understanding what does the traffic flow look like? What is normal? What kinds of transactions should I be seeing in different environments? And how do I bring together what I'm seeing in my on-prem solutions or within my own data centers-- what am I seeing in the different cloud environments? And am I sure that I'm able to compare the data across those different environments? Will we understand when and how there may be an attack happening and what the adversary may have access to within my environment?
- And, Emily, let me ask you-- even though there's been so much expenditure, increased awareness by companies, doesn't our own US government need to get involved, and global actors as well, to sort of stop the spread of these wide-scale hacks that we're seeing, like from SolarWinds again over the weekend? You know, doesn't everyone need to come together and act?
EMILY MOSSBURG: Well, it's interesting. It's clearly a systemic issue. And it's not one that individual organizations can handle themselves, regardless of the size and breadth of those organizations. And we're seeing, as you mentioned, exceptional amounts of expenditures and budgets focused on cyber. So about 75% of our respondents that are $30 billion or greater organizations are spending $100 million or more on their cyber programs.
So there's no lack of focus and funding here. The issue is that the adversary, the bad guys, only have to find one hole. And organizations have to focus on securing the entirety of not only their environment, but their extended enterprise and the entirety of the ecosystem that they're connected to. And so I think, to your point, this isn't a singular battle. This is a place where industries need to bind together and come together.
And there are several groups, and ISACs, and organizations that focus on that. And then they need to come together with the government. This definitely needs to be something where there's coordination across industries, across governments, across the entirety of society focused on keeping us as individuals, and organizations, and societies safe.
JARED BLIKRE: And it seems like we're only at the beginning of this process. Emily MOSSBURG, thank you for joining us-- Deloitte global cyber leader.
