The past few years have shown us, based on enterprise network security statistics and also information from SMEs, that everything we thought we knew about cybersecurity and the threat landscape is either no longer relevant or is changing so quickly that it can feel impossible to keep up.
This leaves CISOs with a lot on their plate in 2020, but at the same time, it can be exciting to meet these challenges head-on and see that increasingly cybersecurity is something that’s an organizational and cultural goal as well as being a technical objective.
The following are some things CISOs should be looking at and possibly prioritizing in this new year.
A lot is coming your way as a CISO or CIO and you need to be able to clearly identify these issues so that you can come up with a plan to combat them.
Some of the biggest overall challenges are going to come from the fact that there is a growing maturity and complexity of technologies, including IoT and AI, as well as data and analytics.
CIOs are leading the charge as far as implementing these technologies but there is also a fear that the pace of change means there will be unidentified cybersecurity issues.
There are also more day-to-day issues to consider here, such as how to create value with digital opportunities and how to not only improve the customer experience through new technology but also the employee experience.
As there are more emerging technologies going mainstream, CISOs in 2020 should ensure they’re finding solutions aligning with the requirements of the business.
Improving Vendor Management
With the speed of digital transformation happening so quickly, there is a need for due diligence in terms of cybersecurity to keep pace.
This will require CISOs and others within the organization to look closely at vendors and how they work with and manage them. There will be more vendors that come into the equation as well because there will be a growing need to outsource.
Outsourcing has benefits, including cutting costs and solving certain capability issues, particularly with a limited amount of qualified and skilled cybersecurity talent available, but it can create challenges also.
There’s going to need to be a big focus on true partnership and really delving into what third-party vendors do and don’t do in terms of security.
It’s been touched on, but undoubtedly, one of the biggest issues facing organizations of all sizes in the coming years, particularly when it relates to cybersecurity, is access to skilled talent.
CISOs are going to need to be working toward building and cultivating an empowered workforce.
The focus, especially in the face of the interactions between humans and AI, should be talent with expertise in areas such as architecture, security, data, cloud, mobility, and AI.
Transformation for the Sake of Business Results
There is a tendency for people who are tech-centric to think about digital transformation as something in and of itself. They want to bring in the newest and most innovative technology, but they don’t do so within the framework of improving business results.
Digital transformation is a business issue, and anything done for its sake should ultimately be about delivering measurable business results.
CISOs, CSOs, and executives need to come together with their overarching goals and ensure they’re all aligning with one another.
Transformation isn’t an exclusively tech-based issue. When a CISO makes it a priority to align cybersecurity and the mission of the organization it helps them have a better understanding of the level of risk the business can tolerate.
Finally, CISOs always have to have an ear the ground as far as what attacks might look like. They continue to evolve, and things like phishing attacks are growing more sophisticated. Phishing attacks focus on the end-user, so CISOs need to find ways to work with other areas of the organization to deliver appropriate employee training and build a culture of security.
Protection as far as cybersecurity and CISO objectives need to include a comprehensive asset management program and monitoring for lateral movement. Investing in people is also a top priority and this is going to feel unique and potentially challenging for many CISOs.
2020 is shaping up to be an interesting year where both growing threats and technologies are converging and creating challenges. CISOs have to stop thinking of themselves as existing within a silo and instead take a more holistic look at their role within the organization.