[BreachExchange] Things CISOs Should Keep in Mind, for 2019

Destry Winant destry at riskbasedsecurity.com
Fri Feb 1 09:26:52 EST 2019


https://hackercombat.com/things-cisos-should-keep-in-mind-for-2019/

CISOs (Chief Information Security Officers) have a critical role to
play in the overall security of any enterprise today. And it's not an
easy job either. It is a tough job because they have to be dynamic and
take care of everything that pertains to the security of the
organization and the comprehensive security of all data stored in
different locations. It's a tough job because they have to protect
their respective organizations from cybercriminals, who are getting
more and more sophisticated and keep finding new ways to break into
organizational networks.

Here’s a look at some key things that CISOs should keep in mind, for 2019:

The enterprise perimeter is now changed…expanded!

Times have changed, and so has the overall enterprise perimeter. With
evolving technology, the enterprise perimeter has expanded to include
IoT, mobile devices, cloud computing et al. A CISO today needs to know
how to manage things within this expanded and ever-expanding
perimeter. His perspectives should change, his approaches should adapt
to the changing times and he should upgrade himself to tackle threats,
incidents and issues that could impact any part of this
unprecedentedly expanded enterprise perimeter.

Cloud resources are increasingly used, keep that in mind!

Well, companies today seek to use cloud resources as much as possible.
This is done not just to store data, but for all kinds of other things
as well. Moreover, employees within an organization would be using all
kinds of cloud apps, even unsanctioned ones. Securing all of these
would definitely be a big challenge; hence CISOs today should gear up
to manage security in the cloud. They need to keep tabs on employees
and their activities, especially to ensure that no critical data is
stored without permission on cloud services and that no data is shared
using unauthorized cloud apps.

Threats can come from anywhere, ensure visibility across multiple platforms…

This is important in today's context. You can't say where threats
would come from. A CISO should train himself to ensure visibility
across multiple platforms, keeping an eye on the cloud, mobile and
on-premises assets of an organization.

Look outward and inward as well

All sorts of threats come from outside the organizational network, but
there are threats that come from within as well. A CISO today should
be adept at addressing threats that come from outside as well as those
that originate from within. Employees too could prove instrumental in
causing security incidents. Yes, there are lots of incidents that are
triggered by an employee opening, often with no malicious intent, a
phishing email and clicking on the link in it. At the same time, there
are incidents that happen because of the intentional activities of
employees, dishonest or disgruntled ones. As a result, data could be
stolen by an outsider who is hand in glove with an insider, or an
employee might even release or transmit data to some external
location. All this and much more needs to be addressed and taken care
of by the CISO. It should be seen that employees' personal devices
don't leak data. It's to be seen that employees don't fall prey to
phishing scams. It needs to be seen that no data is transmitted over
the cloud. It also needs to be ensured that proper access management
and proper encryption secure all kinds of organizational data. The
CISO today would also be responsible for educating and training
employees on different aspects of enterprise security.

A culture of security needs to be developed

In any organization today, a culture of security needs to be
developed. The CISO has to ensure that it's there and would need to
take care of everything pertaining to it. This would include ensuring
compliance with security standards, periodic upgrading of software and
the OS, data security, cloud security, ensuring that contractors and
software providers associated with the organization follow security
procedures, ensuring customers' security, etc. A company's
customer-facing products and services need to be kept secure as well.
Similarly, as part of developing and nurturing a culture of security,
the CISO should also ensure that there is no misalignment between
security operations and IT operations.

Remember, you’re playing a key role!

Yes, with things evolving fast in the world of cybercrime, CISOs
definitely have a key role to play in any kind of enterprise today. No
doubt, 2019 would demand CISOs to be even more dynamic than ever
before!
