Intelligent CISO Issue 06 | Page 75

the country is in the top tier globally for developing expertise in this area

• Third party risk. Digital Shadows discovered how third parties are exposing information that can be highly valuable to sophisticated actors, with 545 SAP configuration files publicly exposed on misconfigured systems. This is just one example – third parties such as contractors and suppliers are often the weakest link and can leak important company secrets. Firms need to get much better at managing this

• Cloud security. In April, Digital Shadows found 1.5 billion business and consumer files exposed online. Many of these were on cloud services such as Amazon S3 buckets. The issue isn’t that cloud services are inherently insecure; oftentimes they are misconfigured. It’s vital therefore that CISOs ask awkward questions of those responsible for managing cloud services and make sure they have all the training that they need

• National security. All CISOs need to track geopolitical and national security issues. Threat actors that are suspected of being affiliated with nation states are among the most capable. They can, and they do, steal intellectual property as well as disrupt organisations that are deemed to be in their national interests. As we have seen with EternalBlue, what starts off as a nation state tool can quickly become subverted and used for other ends by other cybercriminal groups. Keeping an eye on the national picture can give us a clue as to what will hit the ‘mainstream’ later on

As a CISO, you have the opportunity you’ve longed for – to work closely with your peers at the C-level and interact directly with the board with the aim of demonstrating value to the organisation and buy-in for new initiatives.
By putting knowledge of the business and risks first and understanding how and what to communicate to the board, you can transition successfully.