
Top 5 Challenges for CISOs in the Current Situation


Protecting businesses through cybersecurity practices has always been the top priority for CISOs of every organization. Read on to know how CISOs can cope with the various challenges in the current situation…

Recent times have probably been the most challenging for the CISO role. The number & complexity of cyberattacks have been growing each day & CISOs were preparing themselves to deal with these. However, what’s challenging them more is the balancing act between managing traditional security operations and driving the organization’s strategic initiatives, giving high priority to transformational changes. I don’t see time going back. The only way left for a CISO is to adapt fast & match their strides with the dynamic business needs. The following are the five important challenges I see for CISOs in the coming days:

Digital adoption & transformation – Post Covid, the rate of digital adoption & transformation has surprised everyone. This is not going to slow down in the near future. Adoption of the latest technologies and new / modified business processes is the need of the hour to improve customer experiences or to meet the fresh demands of the changing market. CISOs need to break their silos & work closely with business teams to understand their business & technology requirements. Rather than avoiding these changes, they need to help the business adopt them in the most secure manner possible, without losing precious time. Look out for compensatory controls where desired controls are missing.

Keeping pace with Technology – Since CISOs are expected to secure the complete infra, they’re expected to know everything and become a jack-of-all-trades in a technology-oriented world. New technologies have multiple integration points & different modes of operation. New-age users are going to explore them all. Similarly, the cybersecurity tools market is also exploding. Therefore, our CISOs are expected to be well versed not only in all the technologies their business is adopting but also in the new edge security solutions arriving daily to offer different types of guards against modern cyber threats. Attending security conferences/webinars, interacting in peer groups, and syncing up with partners/OEMs can help them a lot with this.

Cyber resilience – Let’s be ready for the worst. 100% security is a myth. No matter what a CISO does, the environment can still be breached. Along with putting protection controls in place, CISOs need to work extensively on the detection, remediation & recovery side. Along with reducing Mean Time to Detect (MTD) & Mean Time to Respond (MTR), they need to focus on building resiliency. They need to minimize the business impact & bring down the recovery time. For this they need to test their business continuity plans & recovery strategies at each level. Security playbooks, tabletop exercises & drills come in handy here.

Evolving compliance requirements – Cybersecurity/privacy-related regulations & directives are coming up every day around the world. With globalized business, the organization needs to comply with all of these & not just the law of the land. It’s very important for CISOs to remain updated with these new requirements, map their applicability to their business, manage compliance & build the processes around them.

Burnout – While on one side the security & compliance requirements are increasing, CISOs are facing budget challenges. This not only impacts their technology stack but also their team strength & capabilities. The burnout is increasing not just within their team but among the CISOs as well. CISOs can look for possible consolidation of technologies (where controls are overlapping), and integration (where direct or API-driven integration is possible). To reduce alert fatigue & mundane jobs, the use of AI, ML, RPA & automation-driven solutions can help a lot.

Closing thoughts
CISOs sure have a lot to deal with. Collaboration with business leaders, skill building for self & team, and acquiring support & finance from management for a prioritized roadmap will help them. When it is not possible to secure everything, equal focus must be on building resiliency.

Contributed by
Aman Chhikara, CISO, Hindalco Industries Limited
