
SecurityWeek

How to Overcome Cyber “Insecurities”

Being a CISO is not an easy job. It takes a certain type of person who has the right mix of passion, discipline, technical knowledge and business acumen to be able to lead their organization in the right direction. Whether they come from a technical, business or even military background, all CISOs experience a number of personal and professional roadblocks on a daily basis that challenge the ultimate success of their company’s security. 

Five common cyber “insecurities” CISOs face include:

1. Staying on top of the latest threats – As the world becomes increasingly digital, threats become increasingly easy to spread. The recent WannaCry attack, for example, devastated hundreds of thousands of machines. And while a kill switch and emergency patching efforts were ultimately able to stop the spread of the threat, methods used in the attack have already been found in new strains of malware, meaning similar attacks will continue to be an issue with relatively little investment from cyber criminals.

2. Needing to have and understand the technical sophistication for any threat – Staying on top of the latest threats is one thing, but understanding the technical sophistication behind any threat is far more important. CISOs need to be able to quickly make executive decisions about how a threat should be addressed, which means having a strong technical understanding of any threat is a must. 

3. Fearing repercussions due to a security incident – At the CISO level, the stakes are high – it could take just one bad call to expose a company to possible attacks and potentially risk valuable information. Should an attack happen, it’s up to the CISO to make the best decision for the company. Depending on its severity, this decision could have implications that follow the company for years or even decades, which is a heavy burden to bear. 
 
4. Understanding the crucial basics: what data the organization has and what is most important to protect – At the core of it all, CISOs need to understand what data the organization has and determine what is most important to protect. If a company is breached, the first question the security team will ask is, “What data does the attacker now have access to?” If the CISO can’t answer that question, it makes everyone’s job much more difficult and gives the hacker a leg up. Determining what data are most important to keep protected is the first, and often most challenging, step.

5. Stating their case to the board – Getting the board of directors aligned with their agenda can sometimes be a CISO’s toughest battle. Not only does the board control what repercussions a CISO may face after a security incident, but it also controls what resources the IT department has access to. CISOs need to defend their decisions and convince the board of their needs and concerns.

CISOs can rest assured that their peers experience the same doubts. Some tips to stop worrying about your insecurities, and sleep better at night, are: 

• Employing and managing great teams. This is definitely a must and probably something you are already doing. Part of great management has to include developing your team, growing them and elevating their capabilities. By employing new methodologies and technologies, security teams can be more effective than ever. Utilizing automation as a new methodology for testing and patching frees up resources to deploy new security policies. Likewise, utilizing cloud threat intelligence services can fill any evident holes, such as staying up-to-date on the latest threats, freeing up resources to focus on strategically understanding the organization’s data and maintaining the technical sophistication required.

• Having a high level of visibility into possible security threats. This allows you to make decisions, both proactively and reactively, before you need to state your case to the board or prevent negative repercussions over a security incident. Conducting a thorough audit of your network and the scope of all of its nodes helps identify potential risks and issues. Working across the organization to understand what information is where helps facilitate the conversation about what data is important to protect. After the audit, the security risks can then be categorized, which will help the board make decisions about protocol. Whatever is decided could enable real-time decisions that could save a corporation millions of dollars in employee productivity on both the threat remediation side and the impact of any threat intrusion.

• Remembering to breathe! The role of CISO is tough, but you’re there for a reason. Have confidence in your teams and your technology. 
