THE POTENTIAL PITFALLS OF WHICH EVERY CISO SHOULD BE AWARE
Modern CISOs face more challenges than ever
as they face off against sophisticated threat
actors. Stephen Moore, Vice President and Chief
Security Strategist at Exabeam, discusses three
of the most common pitfalls that today’s CISOs
encounter, the issues these can cause and how
they can be avoided.
Chief Information
Security Officers
(CISOs) rarely
have an easy time
of things. They
are responsible
for safeguarding
every piece of corporate, employee and
customer data within an organisation
around the clock, against an army of
unknown adversaries that are constantly
ahead of commonly deployed defences
and controls. What’s more, they are
usually the first head on the block if
anything does go wrong. It’s a highly
stressful job, often a thankless one as
well. For that reason, it’s little wonder
that the average tenure of a CISO is little
more than two years, with many not even
lasting that long.
However, the very nature of the role
means that anyone willing to take it
on is likely to be extremely confident
and hopefully knowledgeable enough
to surround themselves with the right
talent. They also tend to have the
resilience to withstand high levels of
scrutiny, especially if or when a breach
does occur.
For an executive whose job it is to
prepare for the worst and hope for the
best, the unexpected surprises that
catch CISOs out and undermine their
position are rarely welcome. But the fact
is they do occur, often more than CISOs
would like to admit. While many may be
due to factors outside of their control,
poor internal communication, planning or
decision-making can play a key part.
Below are three main sources of
unexpected surprises – based on
personal experience – all of which an
incoming CISO should get a handle on
as soon as possible, if they wish their
tenure to prove the statistics wrong.
Inability to execute a swift security response at the critical moment
A major part of a CISO’s role is putting
procedures in place that prepare the
company to respond as fast as an
adversary is likely to attack. Without this,
security failures are inevitable. But even
the best-laid plans can go awry.
Here are some realities to consider:
• Incident responses often require
swift and decisive action, which can
be disruptive to business operations.
The rest of the senior leadership
team must be on board with this,
Issue 12 | www.intelligentciso.com