3 Things Your CISO Should Be Worried About

August 14, 2018 Eric Dosal

The Chief Information Security Officer (CISO) in any organization has to face a massive burden. Keeping your business safe from the seemingly endless stream of online threats that seek to steal your data or do your business harm in some way is no small task.

What are some of the things that your company’s CISO should be worried about? And, what can your company do to address these issues so your CISO can relax a little? Well, some of the key things that your CISO should be worried about include:

The Constant Evolution of Cybersecurity Threats

There is a constant influx of new threats being created every minute of every day. In fact, according to one article by Kaspersky Lab, “the number of new malicious files processed by Kaspersky Lab’s in-lab detection technologies reached 360,000 a day in 2017.” That’s 15,000 new malicious files every hour, or roughly four every second—and that’s just the ones detected by Kaspersky Lab. Worse yet, the rate of new malicious software is continuing to grow.

The sheer number of cybersecurity threats that are created each day is impossible for any one person to keep up with.

Aside from the constant influx of new malware programs, malicious actors are constantly working on new strategies to harm your business, steal its data, or make you pay a ransom. They create new and inventive ways to deliver malware to your company’s systems or trick your employees into giving up priceless information.

So, not only is there an endless stream of new threats being created, the delivery systems for those threats are being continuously refined. Being a CISO means maintaining constant vigilance to keep up with the ever-changing threat environment.

Your Own Employees’ Carelessness

The employees with access to your company’s network pose one of the single largest threats to your cybersecurity. In fact, according to data cited by IBM’s Security Intelligence blog, “security breach research showed that nearly three-quarters of incidents are due to insider threats.”

However, not all of these threats are intentional. As the IBM article went on to state, a Black Hat security conference survey “showed that 84 percent of cyberattacks reported had been due to human error… this could include failing to apply a patch, using easy-to-guess passwords or leaving physical devices in an unsafe area.”

Employees make basic mistakes all the time that can result in severe repercussions for your organization’s cybersecurity. The larger your organization, the more likely it is that someone is going to mess up sooner rather than later—and, the more you usually stand to lose as a result.

Keeping an eye on every employee with access to your company’s network infrastructure, and making sure they’re adequately trained to avoid making critical mistakes, is a full-time job—one that takes place in addition to the CISO’s other duties.

The Cybersecurity Talent Shortage

With so many threats and the need for constant vigilance, cybersecurity teams need to have a full roster of highly-trained and experienced personnel to operate effectively. Too bad there just aren’t enough experienced personnel to go around.

As noted in a Forbes article on the subject of the cybersecurity skills shortage, “there will be a global shortage of two million cyber security professionals by 2019. Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cyber-security related roles.”

This is driving massive demand—and massive pay—for cybersecurity specialists of all stripes. This also makes it incredibly difficult for most organizations to internally build the kind of full-size cybersecurity team that they need to properly manage their cybersecurity architecture.

Addressing Cybersecurity Issues

So, how can you address the above issues and give your CISO a bit of breathing room? There are a few things your organization can do, depending on your resources, cybersecurity goals, and risk tolerance:

  • Establish a Formal Cybersecurity Management Program. If one doesn’t already exist, it is vital that you establish a cybersecurity management process for your business as soon as possible. If you do have one, it may be time to review it to ensure it is still current and relevant to your organization—and to refine it if need be. This is a multi-step process that will require you to:
    • Audit your network assets and data.
    • Run a risk assessment and define your risk tolerance.
    • Establish what is “sensitive” and “mission-critical” data for your organization.
    • Put in place appropriate cybersecurity tools based on needs identified during the audit and risk assessment.
    • Review/establish your employee cybersecurity training program.
    • Track key cybersecurity performance metrics.
    • Document your process so it can be consistently applied across the entirety of your business.
    • Periodically revisit your cybersecurity process documents to refine them.

  • Acquire More Cybersecurity Personnel. Adding extra personnel to your cybersecurity team can make your CISO’s job a bit easier—allowing them to focus on high-level initiatives and cybersecurity strategies rather than being constantly “stuck in the weeds.” However, doing this internally can be prohibitively expensive. So, many organizations choose to acquire outsourced cybersecurity teams to fill their needs for a fraction of the cost.

  • Get Virtual CISO Services. If your company doesn’t have someone to fill the CISO role, it may be necessary to find a cybersecurity partner who can fill the role for you virtually. For example, Compuquip’s virtual CISO services provide cybersecurity program development, third-party penetration test management, cybersecurity policy/procedure reviews, incident response development, and quarterly meetings to keep your team in the loop regarding your cybersecurity.

If your CISO needs support—or your business outright needs a CISO to counter the never-ending threats targeting it—please contact the Compuquip Cybersecurity team today! We’ll be happy to help you review your cybersecurity situation and provide suggestions to help you keep your business more secure online.

For more information about managing your cybersecurity, you can download our Cybersecurity Basics Guide at the link below: