25% of security leaders replaced after ransomware attack

A question of authority

Dickson also argues that CISO authority should come into play. If decisions are made at the line-of-business (LOB) level, and potentially against the CISO’s advice, does it make corporate sense to blame the CISO?

Some “presume that a ransomware attack is the fault of the CISO,” he says. “The CISO is a leader, but not the leader. Breaches are the result of a pattern of decisions of many.”

Info-Tech’s Avakian compares such a corporate reaction to a homeowner blaming the fire department if their house burned down due to the homeowner’s fault.

“When was the last time you saw a fire department captain fired or their team blamed for a fire starting? They are the ones who responded, mitigated, educated, and helped minimize the future risk of fire occurrence,” Avakian says. “See this [security] team over there, including your CISO? They are your firefighters. They have your backs and are here to help whenever there is an incident.”

Dickson also stresses that many enterprise business units, even some CEOs and COOs, will sidestep CISOs by deliberately not inviting them to key meetings, out of the fear they will slow down certain business processes.

“They will actively decide to not include Security,” Dickson says. “I tell [those executives], ‘If you don’t want your CISO, someone else will.’”

The Sophos report said post-ransomware forensic investigations often discover problems that the CISO missed or should have known about.

“For the third year running, victims identified exploited vulnerabilities as the most common root cause of ransomware incidents used to penetrate organizations in 32% of attacks overall. Compromised credentials remains the second most common perceived attack vector, although the percentage of attacks that used this approach dropped from 29% in 2024 to 23% in 2025,” according to the report. “Email remains a major vector of attack with 19% of victims reporting malicious email as the root cause and a further 18% citing phishing, a notable jump from last year’s 11%.”

Chet Wisniewski, a Sophos director and global field CISO, said the company’s research showed that 40% of respondents said the ransomware attack stemmed from “a known gap that we had not addressed.”

“That’s a pretty tough thing to survive if you have a multimillion-dollar event on your hands,” he says.

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4040156/25-of-security-leaders-replaced-after-ransomware-attack.html
