and labour allocation for the areas of business facing the highest risk .
This is a shift from what we have seen this year . Earlier this year , a report from LogRhythm found that only 7 % of security leaders report to the CEO .
Additionally , only 37 % say they or someone in their security function reports to the board of directors , despite 60 % of organisations experiencing a cyberattack in the last two years . CISOs have not been granted the necessary influence to effectively contribute to the business ’ strategic planning and budgeting .
It ’ s not just CISOs that will be recognised next year . Security teams will find themselves with more influence and in higher demand across companies making substantial new cybersecurity investments .
The increased investment will be primarily used for application security , as well as hiring talent to validate the source code companies bring in .
In 2022 , CISOs will need to fight for their voice to be heard among the C-suite , which will allow them to implement more sophisticated defence strategies .
The increase of spear phishing
Attackers have sophisticated their methods of phishing as people have become wise to the traditional obvious and unrealistic suspicious email .
Training and general awareness has caused attackers to change their tactics and take a better researched and prepared approach , known as spear phishing . Using social media platforms such as LinkedIn , attackers can gain a range of information that allows them to imitate colleagues and discuss recent company news that all adds to the realism of the phishing attempt .
In the UK , Statista found that 62 % of surveyed CISOs believe that human error is their organisation ’ s biggest cyber vulnerability .
CISOs will need to lobby for increased training on this to ensure employees are fully aware of the growing sophistication and remain on high alert of any unexpected or unusually worded emails , even if they appear legit at surface-level .
API vulnerabilities creating easy targets
Lateral movement techniques are used by cyberattackers to infiltrate deeper
38 www . intelligentciso . com