According to cybersecurity experts the biggest stressor for CISO's on the security front is unknown malware.
Because it's been instrumental in several major cyber attacks, such as the recent SolarWinds attacks, and is extremely difficult to deal with.
There are over two billion types of known malware. Threat detection tools are trained to find them from their source code or unique signature. Two things which can easily be modified to render malware invisible against traditional detection tools.
This is due to the fact Malware can be polymorphic, meaning if you change one tiny thing, a previously existing signature will be useless. Every change that happens in a piece of malware would need to be assigned to a new signature.
This is a problem because if Malware is continuously changing- there's no way to keep up with it.
This is especially concerning when, according to Deloitte, the proportion of cyber attacks using unseen malware or penetration methods has risen from 20% to 35%.
Part of why this is such a major issue is the difficulty of detection. On average, it takes 14 weeks for businesses to learn about an attack, meaning that malicious hackers can roam freely for months before their wrongdoing is even noticed.
Cyber security experts like Kathie Miley argue it's critical to consider malware from the CISO's perspective."They are expected to know everything about the cybersecurity market and everything there is about cybersecurity resilience inside the organisation." she remarked "When challenges come up, and new things start to appear, the organisation, of course, goes back to the CISO, expecting them to know it."