Drowning in a sea of cybersecurity tools?
As quickly as technology is advancing, organizations’ cybersecurity leaders are challenged to keep up with their companies’ security portfolios and the countless available tools. In order for chief information security officers (CISOs) to get the information they need to evaluate the effectiveness of innovative technologies and find the best security tools for their organizations, cybersecurity strategist J. Wolfgang Goerlich suggests “focusing on key areas” and networking with CISOs in other organizations to gather insight on security tools and trends. In Alan R. Earls’ piece, Goerlich and additional CISOs and experts weigh in on finding the best security tools, emphasizing the importance of analyzing new products and technologies, testing solutions in controlled environments and having close partnerships with other stakeholders in an organization throughout the solution selection and deployment processes.
Cybersecurity Plans See More Executive Support, Study Shows
A recent Southern Methodist University study found that as cybersecurity risks become more apparent to organizations, chief information officers (CIOs) and CISOs receive more administrative and financial support for their security measures from senior management and the board level. Additionally, while CISOs did not report having trouble finding enough budget for their cybersecurity efforts, they showed concerns about the speed at which executives wanted to move with security measures and their ability to complete all of the projects proposed in their budgets. Sara Heath discusses these and other findings from the study and the patterns that emerged from it.
Cybersecurity: The Hottest Millennial Career Track
The need for cybersecurity professionals has been continually growing, as has the gap between this demand and the availability of people with these skills. Millennials are a key group to attract in order to close the talent gap. Raytheon’s recent global survey of millennials found that 41 percent of respondents are interested in cybersecurity careers if they know what the job entails; additionally, these young people reported not being exposed to cybersecurity careers during their education. Serena Elavia looks at these and other findings from the survey.
60 percent in survey say management is not informed about cyber risks
A recent NopSec survey of IT and security professionals sheds light on their struggles to address growing numbers of vulnerabilities and security challenges. For example, despite most of the respondents reporting that their organizations scanned regularly for vulnerabilities, 51 percent said data overload prevented them from addressing vulnerabilities and 46 percent said a lack of resources was a barrier. Jeremy Seth Davis discusses these and other survey findings and shares NopSec’s insight on how executives should move forward.
Is the board’s involvement in cybersecurity really that critical?
Many leaders in the IT and security fields say that cybersecurity should be a board-level issue; George V. Hulme breaks down what a board can actually do to improve cybersecurity efforts at an organization. Experts interviewed agree that boards can set the tone for security at their organizations, help security teams focus on what matters most at their organizations and sync with security teams to allow for policies and priorities that best protect the organizations from attack. According to Lloyd Marino, CEO of Avetta Global, it is important to create and implement policies that focus on critical assets and business requirements, which might not be a concern for IT departments. Hulme argues that boards and top executives must be involved in cybersecurity discussions now and in the years ahead.
Organizing cybersecurity roles from enterprise to operations
As cyber attacks and threats become more prevalent in the connected world and more prominent in the media, federal agencies, like many other types of organizations, are shifting toward bringing cybersecurity roles into the C-suite of executives. “We really need to do a much better job of taking a look at risk management as a fundamental part of the planning, preparing and execution of our organizational missions,” said Bradley Nix, deputy director at US-CERT. Nix and other executives discuss the shift and how organizations should place security leaders in their management structures.
The challenges of third-party risk management
Verizon’s latest Data Breach Investigations Report says that in 2015, “the estimated financial loss for 70 organizations in various industries around the world from 700 million compromised records was $400 million.” With the high costs and prevalence of data breaches, it’s important for organizations to take cyber threats seriously, and according to Michelle Drolet, cyber risk management should include scrutinizing vendors and other third parties. Drolet discusses regulations on third-party risk management, key steps to take to identify and assess vendor-associated risks and the problems with traditional assessments.
CIOs Face Expanding Security Concerns
Cybersecurity threats and data breaches are growing in prevalence and scale, causing a shift in how CIOs are approaching their risk management. Steve Durbin highlights some considerations for CIOs as they prepare to address cybersecurity risks in their organizations, including taking more integrated, holistic approaches to risk management, treating privacy as both a compliance issue and a business issue, emphasizing cyber resilience (“ensuring the sustainability and success of an organization, even when subjected to the almost inevitable attack”), establishing standard security measures and conducting cyber risk assessments. He also suggests four actions organizations can take to better prepare.