Intelligent CISO Issue 34 | Page 30

Editor’s question

The COVID-19 pandemic has created new opportunities for bad actors, and it has become important for CISOs to draw upon their business skills to reinforce a strategic view of risk reduction in conversations in the boardroom and the corner office. CISOs are now in a stronger position to offer their guidance about how cybersecurity drives and aligns with business goals, so they have to think and act more as business visionaries than as purveyors of technical advice. The four main ideas I suggest considering for your cybersecurity strategy are:

1. Rebalance your priorities. CISOs need to commit to a rebalancing of priorities based on the new realities of work and cyber-risk. Automation, in particular, must be a major priority for CISOs for two reasons: the lack of sufficient manpower resources; and the increasing innovation displayed by cyber-attackers.
2. Review your organisation’s risk model. As organisations transition from a new work model based on a dramatic acceleration of the shift away from headquarters-based work, the risk model must change accordingly. We have all written about, talked about and experienced what happens with remote work operations, in terms of infrastructure resilience and risk related to home networks, shared devices and personal cloud services. Your employees will continue to be targeted and they too must be educated about risk.
3. Rethink your relationship with the board of directors. Not long ago, many CISOs were thrilled just to be invited to a board meeting to speak. Now, we expect to be an integral part of meetings and board communications. But the CISO’s relationship with the board must shift from ‘informing the board’ to ‘educating the board’ and eventually ‘leading the board’ on risk assessment and mitigation.
4. Reset your technology mind frame. As you reassess risk in the context of business strategy, undoubtedly you will need to modernise and even transform your cybersecurity technology approach. One thing to consider is jettisoning the traditional best-of-breed approach in favour of a more integrated, platform-based approach to cybersecurity defences. Cyber-risk and the technologies needed to address that risk are becoming more complicated and diverse than ever. Managing dozens or even hundreds of cybersecurity tools across the enterprise — and the escalating number of technology suppliers associated with it — is no longer efficient. You’ll need more cybersecurity functionality in the post-COVID era, but that doesn’t necessarily mean you need to buy more products from more vendors. Instead, focus on integrated functionality at a platform level from a smaller number of strategic, proven and innovative partners.

Technology will certainly become more important in identifying, preventing and remediating cybersecurity threats, both during the pandemic and beyond. CISOs and CIOs will need to work closely now more than ever to ensure that their business evolves but with the right level of risk exposure.

HAIDER PASHA, CHIEF SECURITY OFFICER AT PALO ALTO NETWORKS, MIDDLE EAST AND AFRICA (MEA)

www.intelligentciso.com