Today’s cybersecurity attacks are more complex and vociferous than ever. John Davis, director UK & Ireland at training firm SANS Institute, offers sound advice for IT leaders amid a nightmarish threat landscape…
Cybercrime remains on the rise. Estimates suggest we’ll see the global cost rise to £8.4 trillion annually by 2025.
There’s no doubt that CISOs must arm themselves against new and unusual threats – and their greatest challenge lies in the complexity of defending against cyber threats in the modern enterprise.
The IoT is booming, cyber teams are depleted and regulators are tougher than ever. Leading a business’s security posture from the front must be exhausting – and yet, CISOs still lie awake at night worrying.
Here’s what’s keeping them up, and the answers they’ll need to help them rest up, re-energise, and defend the business seamlessly.
“No one else takes our company’s security as seriously as I do”
Security is only as strong as its weakest link – so the entire organisation must be well-versed in how to protect the business. And it’s the CISO’s job to bring employees up-to-scratch.
Security professionals aren’t exempt. They need constant upskilling to defend the latest interactions of cloud, data and networking. Elsewhere, other IT professionals rank security as one of the top 5 skills they want most. The rest of the business needs a zero-trust mentality – committing not to trust users until they prove they are indeed trustworthy.
Thankfully, the C-suite knows the importance of security; regulators are all too clear. Training should be a first port of call. It can improve security hygiene by implementing best practices and cybersecurity frameworks across the entire extended enterprise. It must also be continuous: training in security communication can reduce long-term drop-off in vital security skills across the company after initial training.
“I can’t defend against today’s threats with such a small team”
The technology skills gap is affecting organisations across the world. The pandemic only served to exacerbate it, with cybersecurity skills among the most sought after, and also the hardest to find, as CISOs are all too aware.
The answer lies in taking the pressure off CISOs, allowing them to focus on leading the security strategy of the organisation.
Managed service solutions (MSS) can enable this. Unlike hardware solutions, they are easy to deploy and implement, giving understaffed companies access to bespoke threat hunting, detection and remediation through outsourcing.
Similarly, artificial intelligence (AI) and machine learning (ML) technologies take the pressure off CISOs and allow a hands-off approach by completing repetitive and precise tasks. Training your team to integrate AI and ML into your security posture can create stronger defences than ever.
“A rapidly growing company like mine is tougher to defend”
The extended enterprise brings with it an expanding threat landscape. Amid the celebration of growth, CISOs will naturally feel chased by both threat actors and regulators.
It’s predicted that the number of IoT endpoints globally will increase 18% this year alone, and 53% of security professionals are concerned. The answer: integration between networking and security, using a single unified cloud-delivered service. It offers far greater visibility over all endpoints which could act as doorways for threat actors.
Equally, tougher data protection regulation has made data privacy and regulatory compliance a top concern for growing enterprises. The good news is it’s also a top 3 driver of IT security budgets in European organisations. Investing in training and certification will ensure protection against regulatory wrath, as well as threat actors.
Banish nightmares and live the dream of confident security leadership
The complex modern enterprise is certainly enough to cause any CISO to dream of a simpler, more effective approach to security.
However, the modern CISO has vital tools up their sleeve to enable this: training, communication, technologies and service providers. They allow a focus on leading on the business’s security needs from the front, without worrying that gaps will be found by attackers.
This way, CISOs can also show up to work with the necessary energy and confidence to defend against the toughest of threats, every single day.