for such tasks. However, what they
often don’t realise is that a lot of these
vendors actually fail to meet the stringent
data protection standards that the
organisations themselves must adhere
to, leaving them at risk of breaching
compliance regulations. Taking the time
to thoroughly vet external partners is
critical for any CISO looking to avoid
financial/reputational damage, as well as
major embarrassment in the event of a
security breach.

Remembering to think like the enemy on a regular basis

Unlike CISOs, hackers are not bound
by corporate rules or protocols and
their only goal is to identify and exploit
any vulnerability they can find in an
organisation’s defences.
Furthermore, their general lack of
formal qualifications means they tend
to behave in unpredictable ways,
employing outside-the-box thinking
and novel tactics to remain undetected
by conventional security tools. In
order to get on the same wavelength,
CISOs need to understand the hacker
mindset. This requires stepping away
from the distractions of day-to-day
operations and just taking the time to
conduct personal research, speak with
colleagues or liaise with law enforcement
agencies about the latest tactics and
tools being used. Cybersecurity is one
Issue 15 | www.intelligentciso.com