Intelligent CISO Issue 40 - Page 50

The best place for CISOs to start with Zero Trust is to identify their organisation ’ s greatest security risks , address them and then extend controls to new , less critical areas over time .
FEATURE

The best place for CISOs to start with Zero Trust is to identify their organisation ’ s greatest security risks , address them and then extend controls to new , less critical areas over time .

attack , prompted many CISOs to reevaluate their risk tolerance levels , cybersecurity and risk management efforts , together with areas of ongoing vulnerability . Alongside this , companies have been urged to update their incident response strategy , using frameworks such as NIST to guide them .
If organisations are attacked , retrospectives should be used as part of their learning to further optimise incident response strategies and build resilience .
For example , questions raised should move from ‘ how were we compromised or breached ?’ to ‘ how can we stop it next time ?’.
First quantify , then mitigate
Recent headline-grabbing attacks have made cybersecurity a regular boardroom discussion and business imperative .
It ’ s the CISO ’ s responsibility to make sure cybersecurity remains at the top of the agenda , even when news cycles are quieter .
To do this successfully , it is critical for CISOs to quantify risk , resulting in mitigating actions in financial terms , and demonstrate how the cybersecurity programme will link to business objectives .
Industry frameworks can also help CISOs demystify cybersecurity and bridge communication gaps with boards and executive management .
Use your IT team to communicate security principles to the organisation
Communication doesn ’ t stop at discussions with the board . In fact , today ’ s CISOs need to effectively articulate cybersecurity ’ s value proposition to customers , partners and also internal stakeholders .
With digital supply chain attacks under scrutiny , the need to build trust by way of transparency has never been greater . The power of empathetic communication cannot be overstated here .
The good news is CISOs no longer have to shoulder the communication burden alone . By actively collaborating with IT security teams , CISOs can strengthen their message to various audiences and break down any siloes that have developed .
Adapting budget allocation to combat new threats
CISOs should prioritise these aspects of security to make the best use of their budgets . In fact , many of these tactics can be implemented without any budget reallocation at all . The aim should be the creation of a comprehensive security strategy to fit today ’ s most prominent threats .
However , for this to happen , security heads must proactively embrace an advisory position , offering guidance and strategy to key stakeholders straight away .
To this end , CISOs should seek partners , both within the organisation and via external public and private partnerships , which will boost their advisory capacity , facilitate information sharing and accelerate the shift to the next stage of cyber-resiliency .
The road ahead will be fraught with cyberattacks , more sophisticated attack vectors and methods , and ever powerhungry cybercriminals . CISOs can make moves to ensure their organisations thrive , rather than merely survive , by prioritising their budget allocation to fit current threats . u
50 www . intelligentciso . com