Security News

Our report reveals that 50% of global CISOs still feel their organization is unprepared to handle a cyber attack and 56% consider human error to be their biggest cyber vulnerability, with established work-from-anywhere setups and The Great Resignation presenting new challenges around information protection. CISOs are more confident about their cybersecurity posture: after two years of unprecedented disruption, CISOs now feel more in control of their environment: 48% of CISOs surveyed feel that their organization is at risk of suffering a material cyber attack in the next 12 months, compared with 64% last year.

Half of global CISOs feel their organization is unprepared to deal with cyberattacks. As part of Proofpoint's "2022 Voice of the CISO" report, it was revealed that 50% of 1,400 CISOs surveyed feel their company is unequipped to deal with a cyberattack, and 48% feel that their organization is at risk of suffering a material cyberattack within the next year.

In this article, I'd like to explore some of the threat detection program challenges CISOs are facing and provide some tips on how they can improve their security operations. CISOs ensure the security operations program for threat detection, investigation and response is executing at peak performance.

Failing to adequately screen suppliers' security can lead to data breaches, which can shut down operations, damage customer trust and incur hefty regulatory penalties. An automated security questionnaire platform can vastly accelerate and scale the vendor security evaluation process.

It is vital that every CISO can offer a clear picture of how their security is really holding up against the latest tactics, techniques, and procedures. A red team exercise may not even need to exploit any technology-related vulnerability; rather, testers can rely on social engineering, phishing, or identifying shadow IT as an entry point.

Where should the CISO report for maximum effect? How does the CISO gain that valuable seat at the executive table, and a regularly scheduled time slot every quarter in front of the board? Is it possible that broad technical competency may be superior to deep technical expertise for this C-level role? And if you are the CISO who thought you signed up for an IT-centric, inward-facing role, I have a few nation-state and cybercriminal actors to introduce to you. It's clear that your organization's brand is as much an asset as the devices and networks that the CISO is charged with protecting - in fact, the brand may be your organization's largest single asset.

Ben Smith, Field Chief Technology Officer at NetWitness spoke to the obstacles faced by those in the CISO role today along with what can be done to improve organizations safety and while remaining compliant with the new reporting regulations put into law. "A lot of the CISO's day job revolves around technology, whether it's defensive technology or in some cases, offensive technology. One of the big challenges I think a lot of CSOs have today is where should that role be set in the organizations."

With not just ransomware gangs raiding network after network, but nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "Perfect storm," says Cybereason CSO Sam Curry. "One of the values that we [CISOs] give an organization is to start thinking about what is that next level? What are they going to pivot to next?".

CISOs report to CEOs, CIOs, CTOs and more, and the skills needed depend on the nature of the business and who they report to. Reporting lines do not dictate power or the value of a role, but when most CISOs are still reporting to a technical leader - this limits the ability to be strategic and dilutes value.

A comprehensive third-party security program can align your vendor's security with your internal security controls and risk appetite. The right third-party security management platform can be a smart way to get your program off the ground or automate the one you already have in place.