Three in four US CISOs in companies that suffered a breach don’t know how they were hacked

Razvan Muresan

February 20, 2017

Three in four US CISOs in companies that suffered a breach don’t know how they were hacked

Some 34 percent of companies were breached in the past 12 months, while 74 percent of IT decision makers don’t know how their company was breached, according to a Bitdefender survey of 250 IT decision makers in the United States in companies with more than 1,000 PCs.

The study on large US companies revealed the rising pressure of cyber breaches and Blitzkrieg Attacks has prompted CEOs to consider CIOs as among the most important C- level managers, joining COOs and CFOs in decision-making strategies, and bringing security to board-level thinking. Some 34 percent of IT decision makers feel their job is more important than ever in the company organigram, while another 30 percent admit their job has completely changed in recent years.

2016 gave rise to unknown security challenges that IT decision makers have to prevent by adopting breakthrough technologies to fight zero-day exploits, Advanced Persistent Threats, and other devastating types of cybercrime. Furthermore, virtualization and adoption of hybrid environments have significantly increased the attack surface, causing more headaches for those who have to secure all infrastructures, physical or not. As recent reports show, more businesses are entrusting more sensitive data and workloads to cloud providers, as 63 percent of companies already run IT operations in the cloud, 36 percent run operations, 34 percent run customer service, marketing and sales, and 32 percent run finance too.

Cybercriminals can spend large amounts of time inside organizations without being detected - APTs are often defined as designed to evade detection. In the virtualization paradigm, since nothing being executed in raw memory is encrypted – just scrambled – APTs that try to execute malicious code on a virtual machine will be intercepted by Bitdefender’s Hypervisor Introspection technology long before they actually compromise the operating system. In fact, as soon as the malicious code, even delivered via zero-day exploit, tries to execute in the VM’s memory, the introspection engine will immediately “see” the malicious action and the code that was trying to execute.

This research was conducted in October 2016 by iSense Solutions for Bitdefender on 250 IT security purchase professionals (CIOs/CEOs/ CISOs – 26 percent, IT managers/directors – 56 percent, IT system administrators – 10 percent, IT support specialists – 5 percent, and others), from enterprises with 1,000+ PCs based in the United States of America.

Read the full white paper here. 

Contact an expert



Razvan Muresan

Former business journalist, Razvan is passionate about supporting SMEs into building communities and exchanging knowledge on entrepreneurship. He enjoys having innovative approaches on hot topics and thinks that the massive amount of information that attacks us on a daily basis via TV and internet makes us less informed than we even think. The lack of relevance is the main issue in nowadays environment so he plans to emphasize real news on Bitdefender blogs.

View all posts

You might also like