Organizations everywhere are being affected by the rapid shift to digital. The pressure to innovate and get the jump on competitors means constantly re-assessing IT capabilities.
Racing to deliver everything online affects cyber security too. Demand for skills is intense. Key roles can go unfilled for extended periods, while the very real issue of insider threats means that security awareness needs to improve at every level of the organization.
Add to that the changing role of the CISO. As cyber becomes more embedded across enterprises, security leaders need to make the business case for ongoing investment beyond the IT department.
CSOs and CISOs now have responsibility for building confidence inside their organizations that systems, software and data, as well as customers, partners and employees, are all fully protected.
To communicate this effectively to the board and employees, technical rationales for improving security aren’t enough anymore. Arguments need to be framed in business terms – and around business benefits and risk mitigation.
The need for broader buy-in is made even more pressing by the shift to the cloud. There’s a danger of assuming that handing over management of infrastructure and software means we can hand over responsibility for security too.
Closing the gaps in technologies, skill sets and perceptions of risk will help CISOs breed confidence and promote the message across the business that technology alone can’t fix every vulnerability. A blended approach of better systems and switched-on employees is required for success.
Improving cyber confidence
Many companies out there are doing amazing things internally to raise awareness, sending fake phishing emails to staff to measure their reactions, for example. A process of constant training to educate everyone about the impact that security can have, both on them personally and on the whole corporation, is critical.
Balancing the benefits of the cloud
People may assume that if you move to the cloud, it’s more secure. But there are important areas you still need to focus on from a security perspective. It’s about making cloud and security journeys in parallel, rather than treating them as something separate.
Keeping up with the pace of cyber change
The digital world is moving so fast that sometimes we can’t keep up. The same could be said for security. The threat landscape evolves so quickly; it’s so fast-paced. It’s the things we don’t know that are most worrying. Everyone is so busy that constant learning and re-assessing of skills, to ensure they follow the direction technology is taking us, is difficult. There are certain areas of cyber where we simply have to find a way to keep improving our skills.
Influencing at every level of the organization
Cyber needs to play a foundational role now, where everybody in the organization understands the impact of security and how important it is. CISOs have to be able to talk at the board level, but finding those people is getting harder. By 2020 it’s predicted there will be two million job openings in security, which is absolutely huge. Finding the right people who can communicate effectively across the business will be an ongoing challenge.
View our full interview with Carmina as part of our Security Begins Here series.