Sunday, 27 October 2019
3 Ways That CISOs Can Remain in Control of Their Enterprises
The emergence of modern SOCs, risk assessment practices, and vendor-driven services is likely to boost the performance of the CISO role.
The recently concluded Gartner Security and Risk Management Symposium in Dubai presented some jaw-dropping statements. One of them was that 95% of GCC CIOs expect cybersecurity threats to get worse.
Clearly, CISOs expect to be affected going forward by ongoing external challenges, including growing technology complexity and the growing sophistication of global and regional threat actors, and by internal challenges such as a disconnect on security spending, the existing chasm with the Board, and not seeing eye to eye with business peers.
While digital transformation and cloud adoption are now on the drawing board of almost every CEO in the region, CEOs are equally wary of exposing the organization to unanticipated threats from cloud and other digital initiatives such as IoT.
For example, industrial and manufacturing organizations that use control systems and automation are now fully aware that a cyber security breach in their ICS can also impact them in the mechanical world, destroying expensive equipment and paralyzing their core operations, and with them the business, for days.
The sheer lack of qualified and skilled cyber security and risk management talent is putting another spoke in the wheel. The number of unfilled cybersecurity roles globally is expected to grow from 1 million in 2018 to reach 1.5 million by the end of 2020.
In another performance indicator about the region, Gartner analysts point out that $825 million will be spent in 2020 on cybersecurity services in the MENA region. This is out of a total enterprise security spending in MENA of $1.7 billion in 2020, or close to 50% of the total. In other words, delivering cybersecurity services will drive half of the regional MENA market dynamics.
Managed Security Services are proving extremely popular in the region due to the lack of in-house skills. The widespread global and regional shortage of skilled security professionals implies that regional organizations will need to start thinking very differently about recruitment and retention.
Here are some other independent trends that regional CISOs and security risk management heads need to be aware of.
- Regional enterprises need to look at revamping their security operation centers and taking them to the next, modern level. Going forward, security operation centers will need to balance their capabilities across prevention, detection and response. Security operation centers will increasingly be looked at as a business asset.
This change is expected to happen rapidly: by 2022, 50% of global security operation centers will transform into modern setups with cutting-edge security solutions, integrated incident response, threat intelligence and threat hunting capabilities, up from less than 10% in 2015.
- Communication with business peers: while CISOs and security risk managers are increasingly invited to attend steering group meetings, the road to enhancing the security posture is still a challenging one, as they are struggling to connect the dots between security vulnerabilities, security spending, and business-critical operations.
Going forward, they will need to present their boards with solutions that provide continuous visibility into the business risks originating from cyber threats, compliance with regulatory standards, KPIs indicative of cybersecurity plans and initiatives, etc.
- With cyber security skills in short supply, vendors may soon face the inevitable inflexion point where there are no longer skills in the market to support their product and solution sales. Vendors are expected to move towards a model of selling hardware and licenses together with services. CISOs should adapt to this trend by taking security solutions as a service where possible rather than trying to build them in-house.
Moving forward, CISOs and security risk management heads will need to master the above strategies and practices to remain in the race.