Editor’s question
WHAT ARE YOUR THOUGHTS ON THE CHANGING ROLE OF THE CISO
AND HOW IS THIS IMPACTING YOUR MANAGEMENT STYLE?
The role of the Chief Information Security Officer (CISO) has notably changed since the COVID-19 pandemic – arguably the biggest catalyst for such change as people transitioned to remote working.
The widening attack surface has become a major challenge for CISOs, bringing a greater level of responsibility than ever before. This has inevitably affected the stress levels associated with the job, with more and more companies attempting to eradicate this across their organisations. CISOs are now challenged with adapting their management style in order to facilitate the change.
According to Dale Heath, Technology Lead at Rubrik A/NZ, “the role of the CISO is more important today than it has ever been.” Heath says that attackers today are “acting with intention – they are going after supply chains to gain more access to more data, they are focusing on specific companies and zeroing in on specific industries.”
The ransomware threat is a significant contributor to the attack landscape and Heath calls for a new approach to cybersecurity in order to mitigate such detrimental attacks. “A holistic security approach – combining infrastructure, cloud and data security (or end-to-end Zero Trust security) – is required to help keep an organisation safe,” he said. “This means bringing together prevention, detection and investigation as well as ensuring data resilience, data observability and data recovery.”
But what does this mean for the role of the CISO? Heath believes that it means the responsibilities of the CISO and CIO are colliding. “The need for IT and security teams to collaborate and partner has never been more paramount,” he said. “The main priorities should be focused on reducing the risk of data loss, ensuring your data is resilient to these attacks and enabling rapid recovery after an attack. It’s more than just dedicating resources towards trying to stop an attack from happening in the first place.”
Heath says organisations should accept that it is not a matter of if, but when they’ll be hit with ransomware or a cyberattack. “Forward-looking CISOs and their security teams, in partnership with their IT teams, are working to prepare and minimise the disruption when the inevitable occurs, ensuring they have a cyber-resiliency plan and data security strategy in place when they need it the most – turning what could have been a catastrophic event into a minor inconvenience,” said Heath.

www.intelligentciso.com