Security News
In this Help Net Security interview, Okey Obudulu, CISO at Skillsoft, talks about the increasing complexity of the CISO role and the challenges CISOs face. With the increasing complexity of the CISO role, what are the top three challenges you believe they face, and how can they best address these?
Over 70% of CISOs feel that the importance of information security is not recognised by senior leadership, according to BSS. The CISOs said their top four highest investment priorities in 2023 are change management, information security resilience, data security, and information security assurance and testing. Of the 150 information security decision makers surveyed, 28% of CISOs agreed that the value of their role was recognised by the board.
Board members have those concerns even though 73% view cybersecurity as a priority, 72% believe their board clearly understands the cyber risks they face, and 70% believe they have adequately invested in cybersecurity. "The newfound alignment between board members and their CISOs on cyber risk and preparedness is a positive sign that the two sides are working closer together and making progress. However, this growing alliance hasn't yet delivered significant changes in cybersecurity posture, despite boards feeling good about the time and resources they're investing to combat this risk," said Ryan Kalember, EVP of cybersecurity strategy at Proofpoint.
This relatively low percentage reflects the current state of the industry, where vCISO services are still an emerging market. The vCISO landscape is expected to change dramatically by the end of 2024.
Meatbag errors are keeping CISOs awake at night, according to Proofpoint's "Cybersecurity: The 2023 Board Perspective" report, with 78 percent tapping it as the most significant risk. Global board members remained jittery - researchers found 73 percent felt at risk of cyber-attack.
The role of the CISO keeps taking center stage as a business enabler: CISOs need to navigate the complex landscape of digital threats while fostering innovation and ensuring business continuity. Three CISOs - Troy Wilkinson, CISO at IPG; Rob Geurtsen, former Deputy CISO at Nike; and Tammy Moskites, Founder of CyAlliance and former CISO at companies like Warner Brothers and Home Depot - shared their perspectives on how to run an effective SOC in 2023.
"The most effective CISOs stay apprised of existing and emerging risks so they can provide leadership with context around the most significant threats facing the business, to influence investments and risk decisions accordingly." 63% of top-performing CISOs proactively engage in securing emerging technologies like artificial intelligence, machine learning and blockchain, compared with just 38% of bottom-performing CISOs.
While replacing legacy technologies can be costly, those costs may pale in comparison to a breach - both in terms of immediate financial impact and reputational damage. Here are three ways you can communicate risk to your leadership team as you work to replace legacy infrastructure.
A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. When asked to rate the SaaS cybersecurity maturity level of their organizations, 71% noted that their organizations' SaaS cybersecurity maturity has achieved either a mid-high level or the highest level.
In this Help Net Security interview, Kevin Paige, CISO at Uptycs, provides insights into how he navigates the complex cybersecurity landscape, striking a balance between technical expertise, effective communication, risk management, and adaptive leadership. As a CISO, how do you balance maintaining technical prowess with the need to communicate complex issues to stakeholders in simple terms?