Four aspects of a CISO’s role that must not be ignored


Jan van Vliet, VP and GM of EMEA, Digital Guardian explores some of the lesser known aspects of a CISO’s role and why they play a big role in the overall security posture of any organisation.

With security so high on every corporate agenda these days, Chief Information Security Officers (CISOs) are under more pressure than ever before to keep their organisations protected. But with so many different things to consider at all times, less experienced CISOs can quickly become overwhelmed. This typically leads to the adoption of a blinkered approach to the job, focusing on a handful of ‘big ticket’ items whilst eschewing many other smaller, but equally important aspects of the role.

It’s easy to understand why it happens, but this approach invariably leads to issues over time. In many cases, just a little bit of attention to the four areas below can go a long way towards improving overall security posture.

  • Empowering employees through proper training and education

It’s all too easy to fixate on technology as the best way to protect an organisation but in reality it’s employees who play the biggest role in keeping hostile actors out. For that reason, training and education should never be skimped on, or ignored. Not only is it highly cost effective compared to the investment required for large scale security solutions, but in many cases, a properly trained workforce will do more for overall security as well. Properly trained, vigilant employees can quickly identify phishing attempts or social engineering tactics and even spot rogue insiders, helping to prevent many attacks entirely.

  • Taking the time to thoroughly vet partners and third-party vendors

Data plays a critical role in nearly every business today, but few organisations have the in-house capabilities to recover it themselves in the event of loss or corruption. As such, many choose to partner with third-party specialists for such tasks. However, what they often don’t realise is that a lot of these vendors actually fail to meet the stringent data protection standards that the organisations themselves must adhere to, leaving them at risk of breaching compliance regulations. Taking the time to thoroughly vet external partners is critical for any CISO looking to avoid financial and reputational damage, as well as major embarrassment in the event of a security breach.

  • Remembering to think like the enemy on a regular basis

Unlike CISOs, hackers are not bound by corporate rules or protocols and their only goal is to identify and exploit any vulnerability they can find in an organisation’s defences. Furthermore, their general lack of formal qualifications means they tend to behave in unpredictable ways, employing outside-the-box thinking and novel tactics to remain undetected by conventional security tools.

In order to get on the same wavelength, CISOs need to understand the hacker mindset. This requires stepping away from the distractions of day-to-day operations and just taking the time to conduct personal research, speak with colleagues or liaise with law enforcement agencies about the latest tactics and tools being used. Cybersecurity is one of the fastest evolving industries out there and failing to keep pace with it can have significant consequences, so regular due diligence like this should not be considered optional.

  • Knowing your own shortcomings (and doing something about them)

Top CISO candidates have a unique blend of expert technical knowledge and understanding, strong interpersonal skills and effective management technique. Unfortunately, there tend to be very few individuals out there who boast all three of these skills ‘off the rack’. It’s more typical to find candidates who are strong in two areas but perhaps require additional training in the third. While this doesn’t prevent them from taking up a role as a CISO, it’s imperative that they know their own limitations and take steps to mitigate them as quickly as possible.

There are many ways they can do this, including enrolment in suitable training courses as well as surrounding themselves with a strong team of individuals that can compensate for any areas of personal deficiency with expert knowledge of their own. A strong team also helps to share the workload, reducing the pressure on the CISO and preventing them from becoming a bottleneck within the organisation.

CISOs don’t have it easy. With so much pressure on their shoulders to protect their organisation from the bewildering number of different attacks out there today, it’s no wonder some end up with tunnel vision. However, this is almost always to the detriment of overall security posture.

The most effective CISOs take the time to regularly think about every aspect of organisational security, not just the big-ticket items and the latest technology solutions out there. This article highlights four such areas that, with a small amount of attention, can have a big impact on security.
