Computer and network security presents an ever-moving target, and CSOs and CISOs need to take on a proactive role to protect their resources.
This has never been more true than today, as the increasing complexity of computing infrastructure and the increasing competence of hackers present new attack vectors and increasing scrutiny. This new breed of threat means many chief security officers and chief information security officers are faced with a completely different set of challenges. Here are some of the biggest they can expect to face.
The Internet of Things
While everyone agrees on the benefits the internet of things is providing by creating more information and services than ever before, each of these devices represents a possible attack vector, and even a small vulnerability can expose valuable company information or a way into corporate systems. One of the biggest challenges CSOs and CISOs will face is keeping track of their growing device networks, especially when shadow IT is taken into account. The software that powers these devices varies greatly, and managing security across so many operating systems is tricky.
Communication and Managing Expectations
In the past, security breaches attracted little attention, and even large-scale attacks went unmentioned. As attacks become more costly and customer data continues to leak, security is becoming a popular topic in the business field and in the media. CSOs and CISOs will find themselves tasked with communicating to other senior-level employees, and some may find themselves responsible for creating both internal and public documentation explaining their companies’ security. Managing expectations matters as well; threats appear online quickly, and companies need to understand that even top-notch security policies might not be enough to prevent all attacks.
More Sophisticated Attacks
Perhaps the biggest upcoming threat is the growing trend around more sophisticated attacks using tried and true methods. Ransomware, for example, has been around for years, but the potential money hackers stand to gain means they can invest more in finding undocumented security holes. Ransomware attacks are often run by organized crime organizations with plenty of manpower and money to invest. The sheer volume of data stored in databases also makes them valuable targets for governments and other entities, and even “rogue” governments can invest heavily in hacking this data.
Staffing and Budgeting
Although surveys show that non-technical high-level executives claim to take security seriously, their security budgets haven’t grown nearly as quickly as the threat they face. CSOs and CISOs will increasingly find themselves having to ask for more support to keep up with a more demanding security landscape. Even those with a sufficient budget may struggle, however; there simply aren’t enough qualified people to fill the roles needed to protect businesses from threats.
Governments and Compliance
Increasingly, governments around the world are taking a more active role in setting rules and regulations for companies regarding security compliance standards. For CSOs and CISOs, this means sorting through and interpreting legislation to prevent their companies from being held liable. Issues are likely to arise even under current laws. As security breaches continue to make headlines, those affected by attacks are more likely to try to hold companies responsible in courts, and judgments can be costly for companies and add more demands to CSOs and CISOs.
The role of the chief security officer is evolving and they are now having to take on multiple roles at their companies. As the public pays more attention to security, companies will need to consider their defense investment, find innovative ways to attract the right talent and become more active in engaging the public, all while dealing with increasingly complex threats.