[BreachExchange] Blinking In The Dark: A Day In The Life Of A CISO
Destry Winant
destry at riskbasedsecurity.com
Tue Jul 28 10:42:38 EDT 2020
https://www.informationsecuritybuzz.com/articles/blinking-in-the-dark-a-day-in-the-life-of-a-ciso/
It’s said that the devil never sleeps. Perhaps no other industry
demonstrates this so pointedly as cybersecurity, where the enemy could
be anywhere in the world — and in any time zone. Finding time to relax
is tough enough in today’s digital 24/7 world. But having a job where
the bad guy could sit down to begin his “work” day with a hot cup of
coffee at the same moment I’m rolling over to turn off the light is a
surefire recipe for insomnia. And that doesn’t take into account the
challenge of keeping on top of an ever-evolving slew of technological
advances all geared to keeping an organization secure.
Sunrise, Sunset
Knowledge is power. For any CISO worth their salt, staying on top of
emails and daily threat briefs from the moment they get up means the
difference between having a solid understanding of the threat
landscape and what the day might have in store, and some very nasty
surprises. Spoiler alert: CISOs don’t like surprises. In our line of
work, they are rarely good — so you better have your finger on the
pulse on what’s going on long before you sit down at your desk.
Being effective means always thinking to make sure you didn’t miss
anything over the course of the day. Being a CISO, you get accustomed
to the feeling you get when you’re on the way to the airport — no
matter how much you planned, how well you organized, and how thorough
you were in preparing, there’s the feeling that you’ve forgotten
something.
For the most part, I sleep soundly, confident in my company’s cyber
security approach of focusing on Response with a capital “R.” I know
my team is ready to react at a moment’s notice and that they are armed
with the tools they need to not only identify a threat, but contain
and remediate it in less than 20 minutes. Knowing we have the ability
to respond efficiently at any time of day provides me assurance that a
threat’s impact will be minimized thanks to our quick reaction time.
Same Wolf, Different Sheep
It’s been interesting to see how attackers have adapted their lures in
the wake of the pandemic. Unsurprisingly, they tend to be
COVID-themed, but otherwise, the wolves are the same just in different
sheep’s clothing. Even so, it pays to be ready.
Preparation is never time wasted, so when the pandemic broke – to
ensure we were fully prepared for any eventuality – we executed a
COVID-related phishing simulation to demonstrate what types of threats
might arise in the current climate. A CISO’s objective is to prevent
security breaches, and to do that you need to be focused on response.
Spending the majority of your time on prevention is not the way to do
that.
Knowing we have a strong response plan in place helps me sleep at
night. But even knowing this, I can’t afford to become complacent.
From where I sit, it’s critical to conduct test drills across the
entire organization two to four times a year. By involving the company
as a whole, I ensure there is representation across all teams and
everyone has an understanding of how their roles can be impacted and
how to respond accordingly.
Trust No One
CISOs need to be cognizant of the fact that their workforce will in
all likelihood continue to be spread out, and that with the shift to
remote work, there’s less talk around the office water cooler and more
emphasis on collaborative tools that need to be protected.
Accordingly, organizations need to think differently. They need, for
the foreseeable future, to be even more vigilant about third-party
tools and the security surrounding collaborative tools.
Basically, if a CISO isn’t already thinking about (or better still,
implementing) a Zero Trust approach, they need to be. With Zero Trust,
it’s not about the physical location – being inside your network’s
perimeters is just as suspect as being outside it. Authentication is
required from everyone, no matter where they are. It’s that ability to
go beyond the physical confines of a network that will be a critical
component of successful managed detection and response in the future.
It’s impossible to say with certainty what the future holds, but even
without a crystal ball, it’s clear that CISOs need to be taking
proactive steps to plan for a post-COVID world. To stay one step ahead
of the bad guys, CISOs need to be able to pivot to whatever is going
on in the threat landscape. Being able to cope with a constantly
shifting environment is part of the job but it’s certainly not the
only part. To be successful, you need to have just as much business
acumen as you do an understanding of technology, and you have to be
able to articulate to your Board how risk is managed and why it’s
important.