What keeps CISOs up at night – and how they can get their full 8 hours

Cybercrime is set to grow further, and analysts estimate that the cost to the global economy will skyrocket to £8.4 trillion annually by 2025.

While it’s cause for concern for CISOs, this fact alone is not what keeps them up at night – after all, understanding threats is what they’ve trained in for years.

Instead, the challenge is one of leadership: to spin and maintain the complex web of necessary defences, while leading the ambitious, innovative, flexible and scalable businesses of today.

Here’s what really keeps CISOs up at night, and the solutions they can look for to regain the focus, energy, and drive to lead the battle against cybercrime.

“The rest of the business doesn’t see the importance of security”

They say that security is only as strong as its weakest link. It’s therefore imperative that the entire business knows how to protect it. Instilling that understanding company-wide falls to the CISO – an understandably nightmarish thought when we consider the extent of the skills needed.

Within the security department itself, professionals need an understanding of a broad range of the latest technologies, such as cloud, data, and networking — as well as more process-related skills, such as DevOps and ITSM. Among the wider business, security skills are also critical for other IT professionals, ranking as one of the top 5 skills for all other tech roles. For those outside tech, having a zero-trust mentality – committing not to trust users until they prove they are indeed trustworthy – is vital.

The good news is that digital transformation and changes in the work environment, brought about by the pandemic, have put security skills firmly on the C-level agenda. As a result of the upskilling that comes from cybersecurity training, teams can be better prepared for attacks. This can improve security hygiene thanks to the implementation of best practices and cybersecurity frameworks across the entire extended enterprise.

From here, involve your tech team in continuous training and work with the training provider to upskill your security team to help them communicate security awareness campaigns to the rest of the business. This way, you’ll reduce long-term drop-off in vital security skills across the company.

“There simply aren’t enough of us to stop the threats”

The technology skills gap is affecting organisations across the world. The pandemic only served to exacerbate it, with cybersecurity skills among the most sought after, but the hardest to find, as CISOs are all too aware.

However, there is a wealth of solutions available for CISOs looking to strengthen the capabilities of their existing team and to focus on what they do best: leading the security strategy of the organisation.

Managed service solutions (MSS) are increasingly popular following the pandemic. Unlike hardware solutions, MSS are easy to deploy and implement, even for companies that do not have cybersecurity specialists in their ranks, which eases the pain of the skills gap. They can take on threat hunting, detection, and remediation, thereby easing the burden without causing CISOs to lose control. A flexible provider will allow for multiple options of engagement based on when, where and what kind of breach has happened – all led by the CISO’s preferred course of action.

Artificial intelligence (AI) and machine learning (ML) technologies have become an essential part of modern security infrastructures. Similarly, these solutions allow a hands-off approach for the CISO, as they take on repetitive tasks as well as those more accurately and quickly done by machines. Training your team to integrate AI and ML into your security posture can create stronger defences than ever.

The confidence to protect the enterprise is not just a dream

It’s easy to understand why a CISO’s cold sweats may be caused not by the threats themselves, but by the pressure of maintaining a strong security posture in the modern enterprise.

With so many endpoints, people and regulations to take care of, the CISO role requires navigating a complex web of relationships and technologies.

However, CISOs have a vital tool up their sleeves to do this seamlessly: their own support web of training, communication, technologies and service providers. This way, they can focus on leading the business’s security plans from the front, without worrying that gaps will be found by attackers.

It’s also imperative that CISOs can show up to work with energy, confidence and a plan to defend the business each and every day.

About the Author

John Davis is Director UKI & Nordics at SANS Institute. SANS is the most trusted and by far the largest source for information and cybersecurity training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system – Internet Storm Center.