The Many Challenges of a CISO – The ClubCISO 2021 Information Security Maturity Report

5 years ago Anastasios Arampatzis

We have all heard and read how the pandemic has disrupted our lives, how it has accelerated digital transformation to an unprecedented extent and how it has challenged existing security policies and practices. The question is how the people responsible for fortifying their organizations experienced the whole situation.

Letter from the frontline

The ClubCISO community has surveyed its members to understand how CISOs and organizations in general reacted to this crisis. If there is a lesson to be learnt, it is that organizations need to always be prepared and resilient. Crises come and go, new risks will always emerge, but the goal of every organization should be to continue operations even under the harshest conditions.

The ClubCISO 2021 Information Security Maturity Report is like a letter from the frontline. CISOs have never been more important to an organization than in the past year. “This past year has told us that CISOs and the wider security function are making a tremendously important impact. They just need to maintain momentum, while ensuring their jobs are still enjoyable and their people are still motivated,” notes Tom Berry, ClubCISO Advisory Board Member, in the report’s executive summary.

That increased importance of the CISO function is demonstrated in the survey findings: only 14% of organizations still fail to view infosec as being as important as CISOs do. It was the CISO who managed to prepare and protect their organization to cope with the demands of the pandemic: 88% of the participants admit that their existing capabilities coped with COVID-19, while 66% believe that their organization’s security posture improved or remained unchanged during the pandemic.

To achieve this level of resilience, culture plays an important role. This is indicated by the survey findings: 61% of the respondents reported that the existing organizational culture improved or exemplified security best practices. Building and maintaining a culture of cybersecurity hygiene is important for an organization to be able to evolve its security practices to cope with emerging risks and threats. Hence, it is no wonder that security culture is a hot topic for 56% of the organizations.

Another important factor that helped CISOs succeed in their role is business knowledge. In fact, the report findings indicate that business knowledge is three times more important than technology knowledge for good CISOs. This type of knowledge is required to align security policies with business goals and objectives for security to be an enabler of innovation and not a barrier.

However, not everything is rosy. Being a CISO requires strong guts. Being able to address and successfully protect your organization against sophisticated attacks is a stressful experience. CISOs recognize that and 36% of them admit that the stress their security teams are under affects their performance. The same level of stress is felt by the CISOs, and 10% are leaving their role because of the effect on mental health.

The experts’ opinion matters

Instead of driving you crazy with more numbers and statistics, I thought of asking ClubCISO members to share their opinion on some of the topics discussed in the report. Here’s what they told me.

How is corporate security evolving to meet the demands of accelerated digital transformation in response to the pandemic?

Manoj Bhatt, Head of Cyber Security Consulting and Advisory at Telstra Purple, and ClubCISO Advisory Board member:

“We are generally finding, there are 3 types of organisations. Those that were prepared and ready for the working from home. Those that had a plan and those that hadn’t even considered it. These differ from sector to sector and some have found the seismic shift easier than others. For those that were already prepared for working from home, corporate security has very much stayed the same. For those that have had to accelerate their plans or create new ways of working the corporate security teams have had to accept an element of risk and adapt to these new business models. For those corporate security teams where they have not been able to adapt and support the business they have not been involved in supporting the business transformation. It is recognised that not all security controls might have been embedded and that these will need to be addressed over the coming year, but we should recognise the reality. This year has been about business survival, this does not always fit a neat security framework. 

Regardless of the type of organisation we have seen a growing level of importance being placed on cyber security by organisations and their boards. Everyone is starting to understand the importance of cyber security and over the coming year we will see an adjustment period however the real question being asked is “How do we implement better security?”. This journey will differ for different organisations but it’s now more important than ever to align the corporate security strategy to the business.”

Has the role of CISO evolved during the past 12 months? If so, to which direction?

Stephen Khan, ClubCISO Chair

“The CISO role evolved in three key areas:

1. The importance of the CISO role to an organisation has come to the forefront as the workforce moved into their homes from offices. Leaders within the business looked to the CISO to secure their data and operational business processes for remote working.

2. This focus increased the visibility of the CISO to the wider organisation, which was welcome; however, there was increased demand on CISOs and their teams to provide secure capabilities going forward.

3. Despite this additional attention and demand, 2/3 of CISOs and their teams maintained existing security risk posture and also made overall improvements.

In summary, the CISO role has increased its level of importance, and is seen as a key business enabler by business leaders across the organisations.”

Do you believe there is a gap between security and business?

Dr Jessica Barker, co-CEO at Cygenta and ClubCISO Advisory Board member

“Findings from the latest ClubCISO survey, our largest and most international survey to date, reflect real progress in the perception of security as a value-adding business function. The vast majority of the senior security leaders who completed our survey believe that their organisation sees security as being as important as they do, which has increased over the last year. Most reported that their security operations held up well with the impact of COVID-19: the last year or so has really highlighted the importance of resilience, with a forced digital transformation for many organisations and an associated widening of the threat landscape. This has helped bridge the gap between security and the rest of the business, as has an increasing recognition within security that we need to learn more about business culture and align security with the business (rather than simply expecting the business to align with security). This is reflected in organisations’ approaches to security awareness, behaviour and culture, too. The majority of CISOs report a positive security culture and have found that empowering people is a really important part of this, with initiatives such as awareness-raising aimed at people’s home lives, tailored training, champions programmes and bitesize content reported as most effective.”

Conclusion

The ClubCISO report is an essential read for everyone who manages or is responsible for information security within their organization, and for those involved in managing risk. Business leaders should also read the report findings to get a better understanding of the challenges their CISOs or security teams face.

I would like to thank from the bottom of my heart Jessica Barker, Stephen Khan, and Manoj Bhatt for their time and valuable insights.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “The Many Challenges of a CISO – The ClubCISO 2021 Information Security Maturity Report” appeared first on TripWire

Source: TripWire – Anastasios Arampatzis
