Things CISOs Should Keep in Mind for 2019
CISOs (Chief Information Security Officers) play a critical role in the overall security of any enterprise today, and it’s not an easy job. They have to be dynamic and take care of many things that pertain to the security of the organization, including the comprehensive security of all data stored in different locations. They also have to protect their organizations from cybercriminals, who are getting more and more sophisticated and keep finding ways to crack organizational networks.
Here’s a look at some key things that CISOs should keep in mind for 2019:
The enterprise perimeter has changed…expanded!
Times have changed, and so has the overall enterprise perimeter. With evolving technology, the enterprise perimeter has expanded to include IoT, mobile devices, cloud computing and more. A CISO today needs to know how to manage things within this expanded and ever-expanding perimeter. His perspectives should change, his approaches should adapt to the changing times, and he should upgrade himself to tackle threats, incidents and issues that could impact any part of this unprecedentedly expanded enterprise perimeter.
Cloud resources are increasingly used, keep that in mind!
Companies today seek to use cloud resources as much as possible, not just to store data but for all kinds of other things as well. Moreover, employees within an organization will be using all kinds of cloud apps, even unsanctioned ones. Securing all of these is a big challenge; hence CISOs today should gear up to manage security in the cloud. They need to keep tabs on employees and their activities, especially to ensure that no critical data is stored on cloud services without permission and that no data is shared using unauthorized cloud apps.
Threats can come from anywhere, ensure visibility across multiple platforms…
This is important in today’s context. You can’t say where threats will come from. A CISO should train himself to ensure visibility across multiple platforms, keeping an eye on the cloud, mobile and on-premises assets of an organization.
Look outward and inward as well
All sorts of threats come from outside the organizational network, but there are threats that come from within as well. A CISO today should be adept at addressing both. Employees too can be instrumental in causing security incidents. Many incidents are triggered by an employee opening a phishing email, often with no malicious intent, and clicking on the link in it. At the same time, there are incidents that happen because of the intentional activities of dishonest or disgruntled employees. As a result, data could be stolen by an outsider who is hand in glove with an insider, or an employee might release or transmit data to some external location. All this and much more needs to be addressed and taken care of by the CISO. It should be seen that employees’ personal devices don’t leak data and that employees don’t fall prey to phishing scams. It needs to be seen that no data is transmitted over the cloud. It also needs to be ensured that proper access management and proper encryption secure all kinds of organizational data. The CISO today is also responsible for educating and training employees on different aspects of enterprise security.
A culture of security needs to be developed
In any organization today, a culture of security needs to be developed. The CISO has to ensure that it’s there and take care of everything pertaining to it. This includes ensuring compliance with security standards, periodic upgrading of software and operating systems, data security, cloud security, ensuring that contractors and software providers associated with the organization follow security procedures, ensuring customers’ security, and so on. A company’s customer-facing products and services need to be kept secure as well. Similarly, as part of developing and nurturing a culture of security, the CISO should also ensure that there is no misalignment between security operations and IT operations.
Remember, you’re playing a key role!
Yes, with things evolving so fast in the world of cybercrime, CISOs definitely have a key role to play in any kind of enterprise today. No doubt, 2019 will demand that CISOs be even more dynamic than ever before!
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm in her role as a security consultant while continuing to write for Hacker Combat in her limited spare time.