The Changing Role of CISOs

Oct 5, 2018 | Security

In terms of C-level positions, Chief Information Security Officers or CISOs are relatively new. They began to appear in conjunction with the rise of highly publicized data security scandals within large organizations. In many cases, adding a CISO was simply adding someone on whom to blame a security event, insulating the other officers or the company’s board from the fallout from these scandals.

But this represented a fundamental shift in how businesses viewed their corporate assets and the potential liabilities of a security event exposing them.

Things changed in 2013. 110 million Target customers had their information, including credit card numbers, compromised. The new challenge this scandal presented was third-party exposure. Target’s own systems hadn’t been breached; instead one of their third-party point-of-sale vendors was targeted by hackers. Still, the result was the same. This notorious data breach damaged Target’s relationship with customers and still hurts its overall brand.

So CISOs became even more prevalent, with the position shifting from a response-centric approach to a more proactive, defensive strategy. The Target breach shows that cybersecurity must be a consideration throughout the organization and should affect decisions about what applications to use and which outside partners to trust.

If organizations were still not taking the increasing cyber-threat seriously enough, the Equifax breach of 2017 should have been the last straw. Equifax, a company that holds the most sensitive and intimate financial information about consumers, had a massive breach which exposed the data of 147.9 million consumers. Equifax’s solutions are used for hiring, attaining lines of credit, and qualifying for housing. If they are vulnerable to hackers, there is no industry or sector that is safe!

Today, CISOs are no longer scapegoats but integral, important members of any responsible organization. Having an executive specifically focused on cybersecurity is invaluable. It allows an organization to promote good, consistent security practices throughout all functional areas of the business and can keep the organization at the cutting edge of new security techniques. That doesn’t mean the job has gotten any easier. Virtually no firm is immune from security events, with 96% of firms experiencing at least one severe exploit.

This inevitability of vulnerability has given CISOs a new chief concern: risk management. There are just too many potential exploits for CISOs to completely eliminate the possibility of a major data breach or security event. Instead, Chief Information Security Officers are tasked with making reasoned, cost-effective decisions that maximize the protection of the most critical assets.

This requires a much more diverse skill set than a traditional white-hat hacker, engineering-focused programmer, or others from a technical background. Organizations are re-defining the roles and responsibilities of their CISOs by expanding job criteria to include organizational leadership, business management, and other traditional “soft” skills.

Successful CISOs are able to function across a variety of business initiatives while overseeing security initiatives, supporting digital transformation, and driving business growth. This means valuing the achievement of business and revenue objectives as highly as risk management and compliance objectives.

Without the constant reactive cybersecurity management challenges of the past, CISOs are able to focus on business enablement and strategy. Private enterprises are now seeking CISOs with the deep technical expertise, organizational leadership, and business acumen needed to achieve business objectives. Today, any secure organization has carved out a CISO role to protect against cyber threats. At Peters & Associates, we understand that your cybersecurity objectives are not separate from your business goals: they are interrelated and dependent on each other. We can offer a Virtual Chief Information Security Officer position, as well as a range of important security offerings including free trials of our Weekly Security Audit of Office 365, Vulnerability Scan, and Phishing Test. Reach out to our cybersecurity experts at for more information!