“Here's What’s Keeping Your CISO Up at Night"
“CISO Survey Paints a Grim Picture”
“Thirty-seven CISO Pain Points”
Being a CISO should come with a disclaimer like a pharmaceutical ad. May cause insomnia, chronic pain and a generally gloomy outlook. At least, that's how the headlines read.
But where are the answers? Plenty of research is done to illuminate what is holding CISOs back. If diagnosing the problem is just the first step - where is a CISO to go from here?
While there's no miracle pill to cure what ails security operations leaders, there are solutions that can take the sting out of some of the most common challenges. Let's explore ways to address three common CISO pain points.
The Anguish: Lack of Sufficient Staff
Two-thirds of cybersecurity leaders say they don't have the staff necessary to handle the daily barrage of alerts they receive. With a well-documented talent shortage and a pervasive approach in most organizations of trying to hire from a small candidate pool, many security roles sit unfilled for three to six months, if not more. This leaves CISOs with teams that are understaffed and missing critical skills.
The Antidote: Better Enable and Train the Talent You Have
If your main challenge is not having enough bodies, you should first look at whether the team you already have in place is working at their full potential. Are you trying to hire more people because your current volume of alerts is too high to be managed by your current staff? Instead of opening that new job req, look at ways to improve your existing team's capacity. Evolving from investigation and triage of individual alerts to case management supported by context-driven insights can go a long way to increasing what your staff can address in a given day.
Maybe you're looking to fill gaps in specific technology expertise. Security orchestration solutions can provide a consistent fabric and interface that allows your team to effectively use each security tool without having to understand the underpinnings of each.
Perhaps it's skill level that's your challenge. Already have a staff of some solid Tier 1 analysts? Look for additional training that can help work their way up to Tier 2 and Tier 3 tasks while exploring ways to automate Tier 1 tasks to reduce the need for backfilling those roles as the team starts to progress.
The Anguish: Getting Leadership on Board
The prevalence of high-profile breaches, incident response missteps and emerging threats would seemingly be enough to make cybersecurity a top priority at the highest levels of any organization. However, most CISOs find they are still fighting an uphill battle to engage their companies' boards and executive leadership, with most saying cybersecurity remains overlooked as a strategic priority among the top brass.
The Antidote: Improve Visibility and Reporting
More than half of CISOs report to a CIO, who has a broad spectrum of responsibilities extending far beyond security. As such, cybersecurity issues have a tendency to get lumped in with other topics in the realm of information/data management and technology and not get the necessary attention. Organizations are starting to change this long-held structure and give CISOs the direct line to the CEO the role needs. If this is happening in your company, great! Now you need to figure out how to make the most of this new executive access.
Numbers talk when it comes to boards and executive leaders. Especially when those facts and figures tie to the bottom line. Odds are, you're already delivering some reporting and metrics to those running your business, but either the cadence isn't regular or the metrics are cumbersome to produce. The key for boards and senior leadership is consistent and customized executive-level reporting.
Explore ways to help your team transform from manual, time-consuming reporting and analysis to dashboard-driven KPI tracking. Gain an understanding from key board members and senior executives about the data that resonates with them and automate the delivery of custom reports on a regular basis. Keeping security operations top-of-mind in a context that speaks to the board's overall goals for the business helps move security operations from tactical necessity to strategic priority.
The Anguish: Emerging Threats and the Next Breach
Sixty-seven percent of CISOs believe their organization will be the victim of a breach this year that will decrease shareholder value and have long-term ramifications with regard to reputation and brand damage. The rise of artificial intelligence, the lower threshold of knowledge required to mount a successful attack and the profitability of cybercrime all point to a continued uptick in threat actors and new exploits. No wonder CISOs aren't sleeping.
The Antidote: Tighten Up Incident Response
If a breach is a matter of when, not if, then incident response is of paramount importance to minimize impact to the business both internally and externally.
Take cues from your organization's business continuity plan (you have one, yes?) and detail the communication and collaboration that will be required in the event of a serious breach. You will want a digital war room that can be used not only by your SOC, but also by teams in legal, HR and communications to automatically keep everyone up to speed and on the same page. Ensure your team has processes clearly articulated and documented. The last thing you want when the moment comes is to rely on a team that doesn't have a clear roadmap for what to do next. Mandate that your team centralize and codify processes via playbooks that serve as the gold standard for how to respond to various cases. Explore ways to automate steps to reduce your team's overall mean time to respond to an incident. And don't forget to pressure test your processes. Simulations help expose gaps and optimize your team's playbooks.
Don't forget the feedback loop. Make sure your team is using the intel gained through the response and remediation of prior incidents to prevent similar issues later on. Each alert, case, investigation and analysis provides vital context that can help your organization more quickly identify attacks as they come in the future.
While there may not be a single magic cure, solutions do exist to treat the symptoms that plague the average CISO. Applying the right mix of resources and shoring up processes can help security leaders start getting a little bit of relief. And maybe even a little bit of much-needed shuteye.