Are CISOs Prepared For Emerging Tech Risks?
Emerging technology risks and the inability to effectively assess them will prove to be the biggest challenges for CISOs
The last couple of years have been a challenging time for the world's security professionals. The industry not only saw daily data breaches and cyberattacks, but it also realized that the actual impacts of many such breaches were larger than the initial estimate.
Along with the existing challenges, the world's information security professionals are going to face radical shifts in the enterprise attack surface. In fact, according to the 2017 Global Cybersecurity Assurance Report Card from Tenable Network Security, there is an overall decline in global cyber readiness fuelled by a pronounced inability to assess and mitigate cyber risks in the new and evolving IT landscape.
The decline in global confidence levels is a result of multiple factors. Security professionals may be experiencing a drop in morale as a result of near-daily data breach headlines, compounded by the fatigue due to the uphill battle to keep pace with emerging technologies and proliferating threats.
Emerging Tech Risks: Biggest Challenge for CISO
Emerging technology trends like cloud, mobile, IoT and containerization provide operational efficiencies and business opportunities to organizations, but they also introduce surprising security challenges. Cloud and mobile were ranked as the world's biggest enterprise security weaknesses in the 2017 Global Cybersecurity Assurance Report Card.
As the adoption of emerging tech continues, reducing the risk of data compromise and network breaches in the new dynamic environment can be a challenge. It will become even harder for a CISO to introduce preventive controls and restrictions in such environments, as doing so often dampens employee morale.
It's evident that practitioners struggle with continuous visibility and assessing risk in the modern workplace. This, coupled with relatively low security awareness among employees and lack of board-level involvement, is going to put pressure on CISOs in the coming days.
To add to their woes, the adoption of DevOps and containers is predicted to increase drastically this year. This will add to the complexity and decentralization of enterprise IT, making it harder for security teams to see everything on their networks and accurately assess cyber risks.
The 'cybersecurity skills gap' will continue to be the elephant in the room. According to research from Tenable, Indian security professionals named the shortage of qualified workers as their second biggest challenge, just behind struggling to keep up with the overwhelming threat environment. With the constantly changing security landscape, these two hurdles have made it difficult for enterprises to stay ahead of malicious actors. It's clear that CISOs will have to deal with multi-faceted issues in ensuring that there is no trade-off between productivity and security.
Intelligence Gathering & Adaptive Framework to be Vital
Despite spending tens of billions of dollars on security products and services each year, organizations around the world continue to be affected by data breaches.
While preventing all of the risks introduced by new technologies is impossible, leveraging data intelligence and continuous visibility to detect and remediate security gaps quickly is possible with the right tools. One also needs to have adequate incident response strategies and mechanisms to deal with the risks introduced by emerging technologies.
These new requirements are already inspiring security teams to rethink their approach to security. For instance, organizations now realize that basic security hygiene practices like periodic vulnerability scanning are not enough; they are increasingly looking at continuous monitoring and real-time visibility of networks.
CISOs and their teams must focus on having strong operational metrics that are measured regularly, to be able to understand their security and risk posture, and communicate it to leadership. Most importantly, the organization's security framework needs to be more adaptive and dynamic and must evolve along with the threat scenario.
In a modern enterprise, having the right technology and tools alone can't solve the problems. Practitioners will need to bring in the right mix of technology, adaptiveness and an effective response mechanism to be able to survive in a world where attacks are only going to get worse.
Disclaimer: The views expressed in the article above are those of the authors and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.