Intelligent CISO Issue 9 - Page 62

IT’S TIME FOR CISOS TO LOOK BEYOND THE FIREWALL Enterprises across all sectors are now facing a new, expanding, threat landscape where security challenges extend well beyond a company’s perimeter firewall. As this expansion continues, building a better defence with point solutions will no longer be enough to efficiently protect organisations from cyberthreats, warns Fabian Libeau, EMEA VP, at RiskIQ. He talks to us about the challenges facing modern CISOs and what is needed to counter them. T he Chief Information Security Officer’s (CISO) role is going through a period of transition. The number of security breaches over the last year is unprecedented and growing, clearly demonstrating the need for a re-evaluation of current security thinking. The required changes must be driven top down and apply across the whole organisation, with the CISO acting as a key enabler. As organisations move their customer and partner interactions online with unprecedented speed in their quest to remain competitive, an unfortunate result is that their digital attack surface often grows to an unmanageable size. Modern CISOs are responsible for curbing 62 the inevitable increase in the risk of data theft, operational disruption and brand erosion, as well as employee and customer compromise. As digital assets across web, social and mobile platforms become prime targets for cybercrime, CISOs must find ways to not only defend their digital assets residing on their own networks and endpoints but also their often overlooked digital assets residing outside the corporate network. Today, spotting cyberthreats lurking on the Internet requires a level of visibility that most organisations lack. Successful CISOs are those investing in surveillance and reconnaissance tools that can show how their digital attack surface appears to attackers; a collection of widely dispersed digital assets that can be exploited in a variety of ways. Fabian Libeau, EMEA VP, at RiskIQ Beyond the firewall For many organisations, digital channels have overtaken more traditional channels in terms of customer preference and engagement. While this brings extended reach, lower cost and, for smaller organisations, levels the playing field against bigger competitors, it also brings new security challenges. Indeed, threat actors are undertaking reconnaissance on the digital presence of organisations; their registered domains, websites, email systems and other Internet exposed infrastructure, looking for vulnerabilities to exploit. In addition to direct attack, another common tactic is the impersonation of the organisation and its brands on Issue 09 | www.intelligentciso.com