02 August 2016
Blogs by author: Global Services
The CISO’s job description has changed beyond all recognition, reflecting seismic shifts in the digital environment. So what does today’s CISO need to focus on?
The changing role of the CISO.
In recent years, the CISO’s role has changed dramatically. Once purely defensive, responsible for patrolling a specific perimeter, the CISO now has to look further than merely providing a functional cyber defence.
Now, the CISO needs to be involved with strategy, looking ahead and spotting the next attack vector. At the same time though, they need to take on the task of helping the entire organisation to incorporate security. They have to make sure that security is part of every aspect of the organisation’s development, in every department.
The guard dog and the guide dog.
As Mark Hughes pointed out in his blog, CISOs “need to become multi-faceted leaders with the ability to interpret and process new knowledge, and use it to contextualise strategy and direction. The new CISO needs to understand the wider business context and strategies, and adapt their knowledge of IT and security to support and enhance these objectives.”
This means that, where they were once the ‘guard dog’ of an organisation, they must now become the ‘guide dog’. And that involves leading the current security strategy, with an eye on the future — including training the individuals who will protect your organisation’s cyber security in the years to come.
In our latest joint research conducted with Intel Security, carried out at Infosecurity Europe in June 2016, security professionals gave a true picture of what the CISO of today is up against.
- A lack of people, skills and investment — this stops organisations from responding to security events quickly.
- An increasingly mobile threat landscape. Over the next two years, cyber security will require more emphasis on mobile and digital security, and a more strategic approach.
- Huge increases in the number of certain attacks, including ransomware, phishing, social engineering, network hacking and denial of service attacks. (Ransomware in particular has become a significant threat, with 79 per cent of security experts noting a rise in this type of attack.)
Intel Security’s quarterly threat report.
Security experts’ final concern regarding attacks is backed up in Intel Security’s most recent quarterly threat report, which outlines that:
- There were 575,000,000 malware attacks alone in the first quarter of 2016.
- Ransomware rose 24 per cent in just a few months in 2016.
- The main network attacks in early 2016 include browser attacks (33 per cent of all attacks), brute force attacks (23 per cent) and denial of service attacks (22 per cent).
Today’s CISOs need to broaden their skill set and raise their sights beyond the immediate, towards the threat horizon. At the same time, they need to nurture a culture of security within their organisations and grow the next generation of security professionals.