Priority given to reputation, never mind regulations!
58% of CISOs are required by their employers to remain silent about cybersecurity incidents affecting their company. That’s 38 points more than two years ago!
Growing pressure to remain silent about security incidents! Today, the reputation of the organization takes precedence over regulatory compliance. However, security breaches not only impact systems; they also test the integrity of an organization’s response.
An explanation for this heavy silence? The evolution of cybercriminals’ methods, according to Martin Zugec, Technical Solutions Director, Bitdefender. “Traditional ransomware attacks, which encrypted data and demanded public disclosure, are on the decline. Instead, attackers are increasingly focusing on stealing data without interrupting service, making breaches less visible to customers or the public.”
Negotiations by mutual agreement
Another observation: encryption is often limited to the back-end infrastructure. For example, a recent attack by the RedCurl group specifically targeted hypervisors, avoiding systems that could impact end users.
“This approach minimizes public fallout and paves the way for private negotiations, increasing the pressure on CISOs to disclose,” comments Martin Zugec.
Modern adversaries are abandoning tools: they’re using yours!
Bitdefender analyzed 700,000 cyber incidents and found that 84% of high-severity cyberattacks now exploit legitimate tools already present in the environment.
Organizations that streamline their environments, disable unnecessary applications, and reduce lateral movement paths are better equipped to prevent and contain intrusions before they escalate into business-disrupting events.
At the same time, AI continues to reshape defensive and offensive capabilities in cybersecurity. And AI-related threats are a major concern for cybersecurity professionals in all countries surveyed.