According to Ponemon, 67% of respondents to a CISO survey believe hackers and cybercriminals are more likely to target their companies. In this regard, the role CISOs play in modern organizations has grown more critical, as they’re tasked with managing enterprise risk, securing Internet of Things (IoT) devices and deploying security analytics.
To maximize the security of their organizations, CISOs need to go beyond the conventional role prescribed to them. Aside from having the technical know-how and leadership skills, CISOs should also understand how their organizations operate. This will allow them to figure out what initiatives and security projects will benefit the company.
Below are critical initiatives that CISOs should focus on post-pandemic and beyond.
Keep A Close Eye On Remote Workers
To survive and thrive in the global health crisis, many organizations allowed employees to work remotely. While adapting to remote workers ensured survival, CISOs had to quickly pivot to squash security vulnerabilities. This wasn’t easy; CISOs had to figure out how to closely monitor remote VPN connections to identify users and workstations prone to cyberattacks, establish normal patterns and uphold standard security protocols. Implementing a solid security awareness program is key because the hybrid workforce is here to stay.
Make Strategic Use Of A vCISO
One of the key roles that can assist CISOs and the security operations team is a skilled and certified cyber professional. Although there is a major shortage of cybersecurity skills today, many community colleges and universities now offer degrees and/or certificates in cybersecurity.
When the need is urgent, bringing aboard a virtual CISO can save onboarding time as well as HR and training costs. These vCISOs are independent, seasoned professionals who can be brought on for temporary assignments. They can add another layer of leadership expertise to the security team and attend to compliance mandates that are all too easy to ignore. By working alongside a highly skilled cybersecurity professional, CISOs can educate themselves and better formulate security policies for their organization.
Look for a well-trained and experienced vCISO, who will find plenty of work to do. Like renovating an old house, once demolition starts, all sorts of unknown issues can surface. Every organization has different needs, so you want a flexible and creative vCISO who can aptly customize a strategy fit for purpose. You also want leadership qualities since, oftentimes, the vCISO will be called in to address the board should a major data breach or ransomware event occur. A vCISO can be like having a life coach or wing person standing nearby, offering guidance, disarming uncertainty, dispelling doubt and building confidence in reaching your own security milestones, maintenance and posture.
Automation Via Managed Detection And Response (MDR)
Most attacks are multistage, starting with initial penetration where attackers have time to investigate the network, learn what data are most crucial to the victim or study the chain of command to stage a future business email compromise attack. The longer the threat is present, the more damage it can cause, which points to the importance of MDR-led identification and containment. MDR puts the full gamut of security services on tap for organizations lacking the internal resources and ability to continuously monitor endpoints and other attack surfaces.
Gartner, Inc. predicts that 50% of organizations will roll out MDR by 2025 to co-manage their threat monitoring, detection and response needs — of which containment functions play a large role.
In a tight, post-pandemic labor market, it’s no surprise that business continuity takes a front seat to IT resources, further hamstringing security teams who feel overworked. There is also FOMI (fear of missing incidents), which costs security analysts some sleep as they feel overwhelmed by too many alerts triggered by security apps and devices. To better manage alert fatigue, CISOs should consider using security orchestration, automation and response (SOAR) tools. These allow teams to collect threat-related data from a myriad of sources and automatically create a response to the threat. Using SOAR can help reduce and manage the number of daily alerts received.
A Ponemon study found that organizations that used such security automation had substantially lower data breach costs, from an average of $6 million down to $2.45 million.
As with all security products, there isn’t a one-size-fits-all MDR solution in the marketplace. One must make an informed decision on the MDR provider after careful evaluation of its threat detection ability and incident response capabilities, support for multiple use cases and platforms, relevant analytical experience, and willingness to customize offerings. Remember that some MDRs might be less expensive than others, but you may not receive the same value in return. Investing in MDR is not a technical decision but a business one. Weigh the costs and risks to arrive at a decision.
CISOs should be on the lookout for new approaches such as employing attack emulation training and adjusting anomaly detection thresholds. In doing so, CISOs can ensure their security teams don’t fall into complacency while keeping cyber threats at bay.