The Rise of The Ciso

As IT se­cu­rity in­creas­ingly be­comes a pri­or­ity, the CISOs in­flu­ence within com­pa­nies is grow­ing; how­ever, se­cu­rity strat­egy in many or­ga­ni­za­tions are still largely re­ac­tive and not yet aligned with busi­ness func­tions

Dataquest - - FRONT PAGE -

Anew global study re­leased by F5 Net­works takes a deep dive into the na­ture of the CISOs role and the IT se­cu­rity ap­proaches or­ga­ni­za­tions around the world are tak­ing in to­day’s con­stantly evolv­ing threat land­scape. The re­port finds that as IT se­cu­rity in­creas­ingly be­comes a pri­or­ity, CISOs in­flu­ence within com­pa­nies are grow­ing; how­ever, se­cu­rity strat­egy in many or­ga­ni­za­tions is still largely re­ac­tive and not yet aligned with busi­ness func­tions.

Con­ducted by the Ponemon In­sti­tute, the find­ings are based on in­ter­views with se­nior-level IT se­cu­rity pro­fes­sion­als at 184 com­pa­nies in seven coun­tries: The United States, the United King­dom, Ger­many, Brazil, Mex­ico, In­dia and China.

“This re­search pro­vides a unique view into how CISOs are op­er­at­ing in to­day’s chal­leng­ing en­vi­ron­ment,” said Mike Con­vertino, Chief In­for­ma­tion Se­cu­rity Of- fi­cer at F5. “It’s clear CISOs are mak­ing progress in how they drive the se­cu­rity func­tion and the lead­er­ship role they are as­sum­ing within com­pa­nies. Yet in many or­ga­ni­za­tions, IT se­cu­rity is not yet play­ing the strate­gic, proac­tive role nec­es­sary to fully pro­tect as­sets and de­fend against in­creas­ingly so­phis­ti­cated and fre­quent at­tacks.” KEY FIND­INGS Re­spon­si­bil­ity grow­ing for CISOs: Al­though CISOs have vary­ing degrees of in­flu­ence among up­per man­age­ment in their or­ga­ni­za­tions, most CISOs are in­flu­en­tial in managing their com­pa­nies’ cy­ber­se­cu­rity risks, and their im­pact is grow­ing. Sixty-eight per­cent of re­spon­dents say CISOs have the fi­nal say in all IT se­cu­rity spend­ing, while a slightly smaller num­ber (64%) say they have di­rect in­flu­ence and author­ity over all se-

The av­er­age head­count of IT se­cu­rity per­son­nel will in­crease from 19 to 32 full-time (or equiv­a­lent) em­ploy­ees over the next two years, with nearly half (42%) feel­ing their cur­rent staffing is not ad­e­quate

cu­rity ex­pen­di­tures in their or­ga­ni­za­tions. Eighty-seven per­cent of re­spon­dents say the IT se­cu­rity bud­get has in­creased sig­nif­i­cantly (18%), in­creased some (29%), or has not changed (40%).

Align­ment lack­ing with busi­ness: An IT se­cu­rity strat­egy that spans the en­tire com­pany is still very rare. Fifty-eight per­cent of re­spon­dents in­di­cate IT se­cu­rity is a stand­alone func­tion and only 22% say se­cu­rity is integrated with other busi­ness teams, while 45 per­cent say their se­cu­rity func­tion does not have clearly de­fined lines of re­spon­si­bil­ity. Seventy-five per­cent of re­spon­dents say that due to the lack of in­te­gra­tion with busi­ness func­tions, turf and silo is­sues have ei­ther a sig­nif­i­cant in­flu­ence (36%) or some in­flu­ence (39%) on IT se­cu­rity tac­tics and strate­gies.

Recog­ni­tion of se­cu­rity as a busi­ness pri­or­ity is re­ac­tive: Sixty per­cent of re­spon­dents be­lieve their or­ga­ni­za­tions con­sider se­cu­rity to be a busi­ness pri­or­ity, yet only 51% say their or­ga­ni­za­tion has an IT se­cu­rity strat­egy, and of those only 43% say that strat­egy is re­viewed, ap­proved and sup­ported by other C-level ex­ec­u­tives. The find­ings in­di­cate that change in se­cu­rity pro­grams is largely re­ac­tive, with ma­te­rial data breaches (45%) and cy­ber se­cu­rity ex­ploits (43%) the top two events that get at­ten­tion from other se­nior ex­ec­u­tives. Crises driv­ing in­flu­ence with ex­ec­u­tive lead­er­ship: Sixty-five per­cent of re­spon­dents say CISOs com­mu­ni­cate di­rectly with se­nior ex­ec­u­tives, but rarely is it strate­gic dis­cus­sion of all threats to the or­ga­ni­za­tion. Forty-six per­cent ad­mit­ted com­mu­ni­ca­tion with the CEO and board of direc­tors solely hap­pens in the event of ma­te­rial data breaches and ma­te­rial cy­ber-at­tacks while only 19% re­port all data breaches to the CEO and board of direc­tors.

AI is a po­ten­tial so­lu­tion to staffing needs: A tal­ent short­age in IT se­cu­rity con­tin­ues to loom large for CISOs. The av­er­age head­count of IT se­cu­rity per­son­nel will in­crease from 19 to 32 full-time (or equiv­a­lent) em­ploy­ees over the next two years, with nearly half (42%) feel­ing their cur­rent staffing is not ad­e­quate. Fifty-eight per­cent say they have difficulty hir­ing qual­i­fied se­cu­rity per­son­nel, with the big­gest chal­lenges iden­ti­fy­ing and re­cruit­ing qual­i­fied can­di­dates (56%) and an in­abil­ity to of­fer a mar­ket-level salary (48%). These chal­lenges are push­ing com­pa­nies to look else­where for solutions – half of re­spon­dents (50%) be­lieve com­puter learn­ing and ar­ti­fi­cial in­tel­li­gence can ad­dress staffing short­ages, and 70% be­lieve these tech­nolo­gies will be im­por­tant to their IT se­cu­rity func­tions in two years.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.