Intelligent CISO Issue 40 - Page 49

By focusing money and time where it ’ s most needed , CISOs can continue to ensure the security of their organisations ’ assets .

C

CISOs , security leaders and their teams have demonstrated a huge amount of resilience throughout the pandemic . They ’ ve had to work with tighter budgets when cyber-risks have grown . And they ’ ve had to contend for board-level prioritisation among other organisational challenges . Even as companies look ahead towards brighter skies , frugality will be crucial to CISOs . Budgets will have to stretch further without compromising operational security .
It will be difficult for many to make this work . They will require a strategic change . But by focusing money and time where it ’ s most needed , CISOs can continue to ensure the security of their organisations ’ assets .
Reconsider the way your employees engage with security
The pandemic has tested our vision for distributed work beyond anything we could have imagined . Remote teams have shown themselves to be incredibly resilient in continually rising to the challenge of blending their home and work lives .
Now though , CISOs have a unique opportunity to provide the strategic insights and direction needed to sustain and enhance remote and hybrid work models as many regions of the world start to transition out of lockdown . CISOs should encourage their organisations to move away from legacy approaches , and prioritise the implementation of new digital security strategies and user-friendly tools and policies to securely empower workers .
Adopt the principle of Zero Trust
There ’ s a broad consensus among CISOs that the complexity of today ’ s cybersecurity challenges demands a ‘ trust nothing , verify everything ’ approach – otherwise known as a Zero Trust mindset .
FEATURE
one-size-fits-all approach . In fact , the best place for CISOs to start with Zero Trust is to identify their organisation ’ s greatest security risks , address them and then extend controls to new , less critical areas over time . It ’ s also equally important to work alongside IT and endusers to ensure they both understand and adopt this new model .
Think like an attacker
Threat actors will always find new and innovative ways to penetrate networks , steal data and disrupt business – it ’ s not a question of if , but when . The trick is to adopt an ‘ assume breach ’ mindset to help detect and isolate adversaries before they traverse a network and inflict damage .
Doing so means getting into the mindset of an attacker , something which can give CISOs the edge they need to stay one step ahead . Assuming any identity in the network has already been compromised means security teams can anticipate an

By focusing money and time where it ’ s most needed , CISOs can continue to ensure the security of their organisations ’ assets .

attacker ’ s next move , minimise impact and stop threats before they reach valuable assets and cause harm .
This does not require a massive budget increase , but a change of approach .
David Higgins , EMEA Technical Director , CyberArk
While this method repositions the security perimeter around individual identities , ensuring that everyone and every device granted access is who and what they say they are , it isn ’ t a
Adopt a solutionfocussed mindset
Sophisticated cyber intrusions such as the SolarWinds digital supply chain www . intelligentciso . com
49