Security News
Failing to adequately screen suppliers' security can lead to data breaches, which can shut down operations, damage customer trust and incur hefty regulatory penalties. An automated security questionnaire platform can vastly accelerate and scale the vendor security evaluation process.
It is vital that every CISO can offer a clear picture of how their security is really holding up against the latest tactics, techniques, and procedures. A red team exercise may not even need to exploit any technology-related vulnerability; rather, testers can rely on social engineering, phishing, or identifying shadow IT as an entry point.
Where should the CISO report for maximum effect? How does the CISO gain that valuable seat at the executive table, and a regularly scheduled time slot every quarter in front of the board? Is it possible that broad technical competency may be superior to deep technical expertise for this C-level role? And if you are the CISO who thought you signed up for an IT-centric, inward-facing role, I have a few nation-state and cybercriminal actors to introduce to you. It's clear that your organization's brand is as much an asset as the devices and networks that the CISO is charged with protecting - in fact, the brand may be your organization's largest single asset.
Ben Smith, Field Chief Technology Officer at NetWitness, spoke to the obstacles faced by those in the CISO role today, along with what can be done to improve organizations' safety while remaining compliant with the new reporting regulations put into law. "A lot of the CISO's day job revolves around technology, whether it's defensive technology or in some cases, offensive technology. One of the big challenges I think a lot of CSOs have today is where should that role be set in the organizations."
With not just ransomware gangs raiding network after network, but nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "perfect storm," says Cybereason CSO Sam Curry. "One of the values that we [CISOs] give an organization is to start thinking about what is that next level? What are they going to pivot to next?"
CISOs report to CEOs, CIOs, CTOs and more, and the skills needed depend on the nature of the business and who they report to. Reporting lines do not dictate power or the value of a role, but when most CISOs are still reporting to a technical leader, this limits the ability to be strategic and dilutes value.
A comprehensive third-party security program can align your vendor's security with your internal security controls and risk appetite. The right third-party security management platform can be a smart way to get your program off the ground or automate the one you already have in place.
The CISO role has taken on greater prominence at a time when cyberattacks have become relentless and increasingly sophisticated, and millions of people continue to work from home. "As cybercrime continues to increase and companies face monetary losses or damages, the role of the CISO and security overall are critical to business success."
Managing the security of your third parties is crucial, but security assessments are riddled with problems, including a lack of context, scalability and relevance. In this comprehensive guide, we provide the direction you need to make your organization's third-party security program efficient and scalable.
To get the assets needed for CISOs to properly do their jobs, business leaders need to invest time, attention, and money in cybersecurity. Here are helpful ways that CISOs can discuss cybersecurity with their C-suite and board members.