Intelligent CISO Issue 74 | Page 50

feature

Now think about this in terms of what the British Library stands for. Its culture, and the purpose of the library, is all about sharing, maintaining and protecting access to knowledge for all. So, it makes perfect sense that in this scenario they would still embrace the need for sharing knowledge as it is second nature to them as part of their culture.
This is the position that CIOs should seek to reach – having all employees and departments fully embracing cybersecurity in a way that is in lockstep with their organisation’s corporate identity. Only then will we see employees engage with the continued development of skills to defend the organisation against cyberthreats. After all, each department will have a different level of maturity when it comes to cybersecurity. However, each department plays an important role as security extends beyond just the IT team.
It is from this springboard that the CIO can then introduce some of the more well-known methods for enhancing cyberskills, such as gamification, identifying ‘security champions’, launching cross-functional projects, focus periods and sharing good practice. In my opinion, one of the most important tools that can be deployed is active ‘fire drills’ and post-event debriefs so there is a continuous cycle of learning throughout the business. But none of this can be done if it doesn’t resonate with all employees and is a part of the culture and identity of the business.
Christine Bejerasco, CISO at WithSecure
When trying to enhance the cyberskills of their teams, it’s critical that CIOs do not underestimate the importance of flexibility and adaptability. Cybersecurity is an ever-changing landscape – technologies and threats are constantly evolving – and therefore how IT teams manage cyber-risk also needs to adapt. IT teams should be flexible to new tools, as well as constantly looking to improve their knowledge and understanding of cybersecurity.
Defence works best when you know who you are up against. While there is value in best practices such as the latest body of knowledge on how to secure certain assets, those quickly change when threat actors change their techniques. Therefore, CIOs should encourage their teams to understand threat actors, their motivations and their practices. This enables IT teams to prioritise the defences they need to deploy. Threat modelling exercises that are informed by the latest techniques, tactics and procedures can be a valuable exercise to continuously test an organisation’s cybersecurity muscles.
It is important to note that the physical and digital realms have converged. Therefore, threats can’t necessarily be bucketed into purely physical or purely digital. IT professionals will need to understand when threats change realms, what the implications of those are, and how to defend against them, regardless of whether they are physical or digital.
Every technology or service organisations add to their estate increases the size of their attack surface. Therefore, CIOs need to ensure that the third parties they are working with share the same risk tolerance. Personnel who are evaluating these technologies will need to have an awareness of who the third parties are, in order not to significantly reduce an organisation’s security posture. This means teams must be able to assess the risks associated with new technologies and services and ensure they are working with third parties that share their risk tolerance.
It is also important to understand that being compliant does not necessarily mean being secure, and vice versa. This necessitates information sharing on regulatory, contractual, and certification compliance requirements beyond the context of cybersecurity. There may be an overlap in the requirements, but compliance details could be missed, and issues may arise even when the organisation’s security is good. This means teams must be able to understand the difference between compliance and security, and ensure they are meeting both requirements.
Overall, CIOs should prioritise flexibility and adaptability to enhance cyberskills. Teams need to be able to change their knowledge and tools as the landscape changes, understand the motivations and practices of threat actors, adapt to new threats, assess the risks associated with new technologies and services, and understand the difference between compliance and security. By doing so, organisations can strengthen their defences against the rapid development of cyberthreats and ensure that they are prepared for whatever challenges may come their way.