The three cybersecurity blind spots affecting today’s CISOs


Today’s CISOs face a perfect storm. Cyberattacks are increasing year-on-year, and new technologies such as AI are empowering attackers. Meanwhile, the amount of data CISOs are defending is growing. 

The ever-adapting threat landscape requires CISOs to continually change their approach towards cybersecurity. Last year alone, 85% of IT and security leaders in the UK reported experiencing a significant cyberattack, with 36% of those victims enduring at least one ransomware attack.

With such significant threats to consider, CISOs must evolve and implement a cyber strategy which centers resilience and recovery - no matter where their data is stored. 

Richard Cassidy

EMEA CISO at Rubrik.

Vulnerable cloud architectures 

As data volumes and the number of devices requiring access to this data have ballooned, many businesses are increasingly dependent on the cloud. To put this growth into perspective, in 2023, 13% of a typical organization's data was stored in cloud architecture, compared to only 9% in 2022. Over the same period, on-premises storage declined from 77% in 2022 to 70% in 2023.

That’s a problem, as attackers are paying attention to these trends too, and hybrid environments have as a result become a real focus area of cyber-attacks. Many of the organizations victimized in a cyber-attack last year were targeted across multiple touchpoints, such as the cloud and SaaS.

Put simply, cloud computing comes with inherent risk because it stores regulated data with fewer security capabilities and less visibility than on-premises assets. So, while the benefits of cloud storage cannot be contested, mismanagement of cloud architectures continues to drive security blind spots:

1. 70% of all data in a typical cloud instance is object storage, which is a common blind spot for most security appliances as it is typically not machine readable.

2. Unstructured data (such as text files) and semi-structured data represent another blind spot for security because these data types vary wildly in how machine readable they are.

3. More than 25% of object stores contain data covered by regulatory or legal requirements, such as protected health information (PHI) and personally identifiable information (PII).

 

CISOs must address these security blind spots in their cloud architecture if they are to manage the impact of cyber-attacks. A robust security cloud helps organizations to uphold data integrity, continuously monitor risks and threats, and restore business-as-usual when infrastructure is attacked. 

The most vulnerable sectors 

While cyberattacks are common in most industries, some sectors are at a higher risk than others, such as the healthcare industry, which continues to be a prime target for ransomware groups. 

Healthcare organizations secured 22% more data than the global average and this is only set to grow further. In fact, a typical healthcare organization saw their data estate grow by 27% last year alone - leaving CISOs with an uphill battle to discover and re-secure all data in question. 

Concerningly, not only does the healthcare sector hold more sensitive data than the typical organization, which is highly sought after by cyber criminals, but each cyber-attack against them is also more damaging. An estimated 20% of a typical healthcare organization's total sensitive data holdings are impacted every time there is a successful ransomware encryption event, compared to 6% for an average organization. That means that a fifth of a healthcare organization's sensitive data is affected during a ransomware event, representing a significant threat to their operational resilience, business continuity and the potential loss of highly personal patient records.

These numbers are particularly significant, but it's true that any organization which frequently handles sensitive data is at risk of ransomware attack. By understanding the blind spots to watch for to ensure their data is secure from preying hands, CISOs can be more prepared to face the future, and ensure a better approach to cyber resilience within their organizations. 

Budget and personnel pressures 

While CISOs are being asked to juggle more in every part of their role – including more data to protect – one element has notably remained unchanged: budget.

With CISOs having to deliver more with the same resources, it's clear that these increasing pressures are having a negative impact on mental health. It's stark that 96% of senior IT and security leaders reported changes to their emotional and/or psychological state as a direct result of a cyberattack, with 38% worrying over job security.

Organizations must act to manage the human cost of security breaches in order to ensure that personnel are equipped to face the higher demands required in the wake of an attack. 

Delayed action on resilience 

It’s an uncomfortable reality that cyberattacks are increasingly unavoidable. But it is the reality. That’s why cybersecurity professionals must move to adopt a position of cyber resilience, and prepare to recover from an attack, not just defend against it. 

Until relatively recently, prioritising cyber resilience fell by the wayside. However, regulations are coming into play to support the prioritising of cyber resilience. The Digital Operational Resilience Act, or DORA, is an EU measure coming in at the start of 2025. It will provide a uniform set of requirements for the security of network and information systems of companies and organizations operating in the financial sector, as well as the third parties who provide ICT-related services to them.

Similarly, the new NIS2 Directive - an update to the Security of Networks & Information Systems Regulations - was introduced in 2023. It applies to businesses working with critical EU and UK organisations. NIS2 enforces cooperation, to incentivize a culture of robust security protections. 

By addressing current blind spots, CISOs can uphold data integrity, mitigate the effects of attacks, and ensure business continuity in uncertain times. 

Because the only storm you can prepare for is the one you see coming.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
