Although a relatively new corporate position, Chief Information Security Officers (CISOs) are becoming an integral part of the corporate hierarchy as enterprises begin to take security concerns more seriously. Its a smart move considering that in 2019 security breaches cost companies on average $3.92 million. Now in 2020, CISOs are facing accelerating old threats along with some brand new ones. Here are the top eight CISO concerns of 2020:
In a recent study published by Fortinet, when asked what to expect in terms of threats in the new year, CISOs named hackers as their biggest concern. They expressed particular concern about hackers arming themselves with adversarial AI systems capable of breaching networks entirely undetected.
Many companies are shifting from storing their data on site to hosting it in the cloud, which while newer, is less secure and creates a myriad of ways for hackers to invade systems. Multiple clouds, growing mobile connectivity, proliferating IoT devices, and software-defined networking (SDN) combine to form the perfect storm for an attack. CISOs need to be prepared to combat security threats on a variety of fronts. Thus, CISOs need a single screen that at a glance shows multiple streams of network traffic to keep track of whats going on.
Organizations are racing to outpace their competitors, better serve their customers, and get a handle on new security technologies. With the advent of the Internet of Things (IoT)in particular, cybercriminals are finding easy new entry points to targeted networks. Coupled with the acceleration of mergers and acquisitions, this rapid pace of change has created a virtually borderless world of data. As borders get erased, cybersecurity threats and third-party risks grow more imminent.
A well-developed cybersecurity team poses the most reliable threat to hackers. However, because global demand for IT security professionals has outstripped supply, positions can be hard to fill. Gartner predicts that the number of unfilled cybersecurity roles will hit 1.5 million by the end of 2020. Lacking a solid support team can distract a CISO from critical issues, reducing resources to properly manage cyber risks. Its not just having warm bodies to fill the roles that are a problem, however. In Fortinets Global Internet Security Survey, 40% of businesses expressed an increased need for employee learning and development, including teaching awareness of security threats and tactics to prevent them. And fully 20% of respondents in the survey cited a lack of development as a factor that leads to stress and burnout. Helping security professionals stay on top of the latest changes in the industry is also a major concern for CISOs this year.
People are the weakest link in the network security chain. For instance, an employee who falls for a phishing scam can introduce malware into the companys network. Or a staff member can access sensitive information on their mobile device while connected to public networks, elevating the risk of a data breach and letting hackers dodge even the most sophisticated systems. Disgruntled employees may also choose to leak confidential information, making the complete security of company information virtually impossible.
One employees reckless action can leave CISOs vulnerable as the CISO is responsible for all aspects of IT risk management. Of course, CISOs cannot control each employees actions, yet those very actions pose the greatest security threat to the organization. This discrepancy will be keeping many CISOs up at night. Thats why they need to review corporate information security policies regularly and proactively introduce new training materials to educate employees on cybersecurity risks.
IBM puts the average cost of a data breach at $3.92 million. Ironically, however, cybersecurity isnt top of mind at most organizations when budget line items are getting funded. Often thats because its difficult to show a clear return on investment. At smaller organizations or local governments, the problem may simply be the lack of financial resources to reduce cyber threats. Although cybersecurity risks are growing in prominence and corporate boards are taking a greater interest in these threats, many CISOs still have difficulty securing larger budgets.
CISOs face increasingly stringent data protection regulations driven by the dual threat of privacy invasions and increasing cyberattacks. Consequently, corporate security leaders must align their organizations security structures with new, often extremely rigorous proposed laws in addition to meeting the incumbent regulations.
The three challenges noted beforehackers, an expanding attack surface, and the opportunities needed for a security teamare compounded by the current technological landscape. The speed of technological growth and its resulting complexity means the major threats CISOs have to manage will only grow with time.
CISOs will face new security challenges each year, requiring them to keep pace with the constant revolutions of the technology world. This pace, however, is accelerating rapidly. The Fortinet survey mentioned above noted additional issues CISOs raise concerns about, ranging from risk management to strategy security tool proliferation and cybersecurity awareness. These increasingly varied risks in 2020 will put CISOs in an unenviable but critical position in the corporate hierarchy.
2019 Data Breaches By the Numbers
MixMode Now Supports Amazon VPC Flow logs
Featured MixMode Client Success Story: Nisos
A Well-Equipped Security Team Could Save You Millions of Dollars a Year
Network Data: The Best Source for Actionable Data in Cybersecurity
3 Cyberthreats Facing Federal and State Governments in 2020
Staying CCPA Compliant with MixModes Unsupervised AI
Follow this link:
The Top 8 Concerns for CISOs in 2020 - Security Boulevard