Tag Archives: CISO

Immediate Vault Immediate Access

How Cybersecure is Your Company?

Posted on by

cyber headlines

It should come as no surprise that security has moved from an afterthought at global organizations to a front-and-center consideration, often involving the CEO and board of directors. Headlines of the world’s largest companies involved in breaches are rampant, and will only increase as organizations accelerate their digital transformation plans and in doing so create lucrative opportunities for bad actors to steal valuable assets. Businesses are inherently interested in making money, and cybersecurity crimes have a significant impact on their bottom line. In fact, it is estimated that cybercrime will cost $2.1 trillion by 2019, according to Juniper Research.

For C-level execs and board members alike, their real understanding of cyber-exposure is too often binary: Are we on the front page of the Wall St. Journal or Not? While this may be an unfair over-generalization for tech-savvy board members, it is clear that cybersecurity is now included in their “fiduciary duties.” With increasing investments going to security software, consultants, and now cyber-insurance, executives and officers must know the risk profile of their digital systems and security service level agreements (SSLAs).

Organizations looking to maintain their competitive edge will take a new approach to security from the first line defenders in the IT department to the boardroom. The quickest and simplest step in moving the right direction must be to answer “How secure are we as an organization?”

The Best Defense is a Good Offense

Forward thinking organizations are appointing board members that have recognized this security paradigm shift and are moving from a defensive to an offensive mindset when it comes to protecting their assets. Some companies, like AIG, Blackberry, General Motors and Wells Fargo are even going so far as to appoint board members with cybersecurity expertise. While it isn’t mandatory that organizations have cybersecurity experts on their boards, the reality is that no board can escape responsibility, and digital threats will only become more a part of daily business life.

Ask the Right Questions

Beyond asking “How secure are we?” board members should ask their CISOs and security professionals whether their resources and budgets are appropriate. While CISOs will likely always ask for more, they need to be able to demonstrate specific holes and needs or anticipate pending regulatory changes specific to their industries. It would also be wise to regularly ask what internal changes have been made in light of developments in the industry. Additional questions that should be asked include:

  • How are you designing a security posture that does not slow down business operations?
  • How do we know that data/IP systems not in our control are safe and secure, such as internet of things (IoT) and cloud?
  • How do we ensure that we are ahead of new regulatory requirements coming down the pike?
  • Who is responsible for security—CISO, CIO or risk & compliance officer?
  • What is our risk score matrix?

Establish a Seat at the Table

For CISOs, this new attention can be a double-edged sword; while the increased visibility of their position could be beneficial to their own importance to the company, their performance will be scrutinized by the highest levels of management.

CISOs and their security equivalents presenting to the board require a persistent seat at the table. Bringing them in just for an annual report will leave many questions unanswered and does not paint an accurate picture of the organization’s risk profile. Continual updates should include both positive and negative developments, which will make budget increase requests more likely when needed.

These experts should also be expected to provide detailed analytics and a tailored executive dashboard that demonstrates the progress made against goals and benchmarks. The sophistication of these dashboards will depend on the board’s expertise but educating these members should be included in any presentation.

Put a Price on it

When taking these steps and bringing security to the forefront of business planning, each board presentation will allow organizations to make security a marketable attribute. Consumers are becoming increasingly fickle about doing business with organizations that have been breached and as a result are looking for assurance that they and their data will be secured. Promoting your organization’s commitment to security can be a valuable asset to the company’s bottom line. Board members can play a significant role in shifting perception and reality in the marketplace and would be wise to ask more questions to get closer to answering “How secure are we?”

Gaining Cyber Confidence With a CISO

Posted on by

Businesses aren’t the only ones struggling to ramp up budget allocations to fortify against cyberrisk.

buy proscar online azimsolutions.com/wp-content/uploads/2023/10/jpg/proscar.html no prescription pharmacy

In his new $4.1 trillion budget proposal, President Obama has asked for billion for cybersecurity efforts, a 35% increase from last year.

buy ivermectin online azimsolutions.com/wp-content/uploads/2023/10/jpg/ivermectin.html no prescription pharmacy

The president directed his administration to “implement a Cybersecurity National Action Plan (CNAP) that takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.” In addition to a cybersecurity awareness campaign targeting both consumers and businesses, the plan calls for government-wide risk assessments, a nation-wide push for a range of better consumer data security measures, and a range of initiatives to attract more and better cybersecurity personnel. Some of these new employees will offer cybersecurity training to more than 1.4 million small businesses, and the Department of Homeland Security is expected to double the number of cybersecurity advisors available to assist private sector organizations with risk assessments and the implementation of best practices.

Obama’s plan also takes a page from the private sector, creating the position of Federal Chief Information Security Officer to drive cybersecurity policy, planning and implementation across the federal government.

Many organizations have begun to see concrete value from adding CISOs to the C-suite. According to a recent study from ThreatTrack Security, companies with a CISO are more confident about the technology they use to combat malware (83% versus 63% at organizations without one). This is particularly notable as only 20% of those surveyed said their defenses against hackers have improved in the past year—about half of those who said the same in 2013.

“Perhaps CISOs have a better handle on what solutions to implement or are better equipped and positioned in the organization to ensure their team has the solutions they need to defend the organization,” the report said.

Organizations with a CISO also feel more confident about their ability to address cyberrisk. When asked if they felt able to personally guarantee the security of customers’ data, 71% of respondents from companies with a CISO said yes, while only 29% could say the same without someone in this role. CISOs are also making a huge impact on breach preparation and incident response. When it comes to having an incident response team or security operations center to identify and respond to cyberattacks, 94% of respondents at organizations with a CISO had these resources in place, compared to just 49% without one. Concerningly, however, the overall number was 80%, 6% lower than in 2013.

buy zestril online azimsolutions.com/wp-content/uploads/2023/10/jpg/zestril.html no prescription pharmacy

When asked how defending their organization against cyberthreats had changed over the last year, 45% of respondents said nothing had changed, while 35% recognized that it has gotten harder to fight cyberrisks.

ThreatTrack Security found CISOs have also boosted corporate compliance with regard to cybercrime, with only 11% of companies failing to report breaches to customers, partners or other stakeholders, compared to 57% in 2013.