Intelligent CISO Issue 55 - Page 29

There is learning required on both sides.

Editor’s question

In my line of work, I speak to CISOs day in, day out about their main pressure points and as a former CISO myself I can certainly relate to many of them. The unfortunate truth is it’s very difficult to adequately prioritise certain strategies these days, as attacks are coming in from all angles.

We recently conducted a survey of CISOs across the world and one of the illuminating findings was a lack of consensus as to the most significant threats targeting their organisation. Insider threats topped the list at 31%, but were closely followed by DDoS attacks, Business Email Compromise and Cloud Account Compromise, all at 30%. Despite dominating recent headlines, ransomware only came in at 28%.

Thankfully, when remote working was thrust on organisations at the beginning of the pandemic, it became clear to CISOs that they had to prioritise their efforts to address the cyberthreats targeting today’s distributed, cloud-reliant workforce. If there’s one silver lining to the last two years, it’s that it drove a greater realisation that the architecture of our enterprises had fundamentally changed, placing users at the centre rather than technology. While threats are coming from all angles, CISOs have now embraced the need to focus on human-centric vulnerabilities which are at the heart of the most pressing threats.

With hybrid work here to stay and the impact of The Great Resignation being felt worldwide, the majority of CISOs have recognised the distributed nature of their critical information and become concerned with protecting this data from malicious or accidental leakage and insider threat. With employees now forming the defensive perimeter wherever they work, half of CISOs said that increases in employee transitions mean that protecting data has become an increased challenge and that investment in information protection is top of the list of priorities for the next two years.

However, it’s important to note that sometimes CISOs are not the only ones at the wheel. While cyber-resilience is essential for their organisation’s operations and Business Continuity, other executives and board members may see things differently. Only 35% of the CISOs we surveyed said that their board sees eye-to-eye with them on cybersecurity issues, so we decided to ask the same questions to other board members to assess the degree of alignment. Concerningly, only 28% of board members see insider threats mitigation as a top priority, as opposed to 35% of CISOs. This lack of alignment is another potential security threat in itself.

There is learning required on both sides, but modern-day CISOs need to prioritise bridging the misalignment with board members and communicating more effectively, fostering collaboration and helping board members better understand the necessary strategies to combat today’s cybersecurity risks.