Anguish and Antidote – Overcoming Top CISO Challenges - PowerPoint PPT Presentation

About This Presentation
Title:

Anguish and Antidote – Overcoming Top CISO Challenges

Description:

Two-thirds of cybersecurity leaders say they don’t have the staff necessary to handle the daily barrage of alerts they receive. With a well-documented talent shortage and a pervasive approach in most organizations of trying to hire from a small candidate pool, many security roles sit unfilled for three to six months, if not more. This leaves CISOs with teams that are understaffed and missing critical skills.

Number of Views:65


Transcript and Presenter's Notes

Title: Anguish and Antidote – Overcoming Top CISO Challenges


1
Anguish and Antidote – Overcoming Top CISO Challenges
2
Introduction
  • Being a CISO should come with a disclaimer like a
    pharmaceutical ad: "May cause insomnia, chronic
    pain, and a generally gloomy outlook." At least,
    that's how the headlines read.
  • But where are the answers? Plenty of research is
    done to illuminate what is holding CISOs back. If
    diagnosing the problem is just the first step,
    where is a CISO to go from here?

3
Here's What's Keeping Your CISO Up at Night
CISO Survey Paints a Grim Picture
Thirty-seven CISO Pain Points
4
Anguish: Lack of Sufficient Staff
  • Two-thirds of cybersecurity leaders say they
    don't have the staff necessary to handle the
    daily barrage of alerts they receive. With a
    well-documented talent shortage and a pervasive
    approach in most organizations of trying to hire
    from a small candidate pool, many security roles
    sit unfilled for three to six months, if not
    more. This leaves CISOs with teams that are
    understaffed and missing critical skills.

5
The Antidote: Better Enable and Train Talent You Have
  • If your main challenge is not having enough
    bodies, you should first look at whether the team
    you already have in place is working at their
    full potential. Are you trying to hire more
    people because your current volume of alerts is
    too high to be managed by your current staff?
    Instead of opening that new job req, look at ways
    to improve your existing team's capacity.
    Evolving from investigation and triage of
    individual alerts to case management supported by
    context-driven insights can go a long way to
    increase what your staff can address in a given
    day.

6
Security Orchestration Solutions
  • Maybe you're looking to fill gaps in specific
    technology expertise. Security orchestration
    solutions can provide a consistent fabric and
    interface that allows your team to effectively
    use each security tool without having to
    understand the underpinnings of each.
  • Perhaps it's skill level that's your challenge.
    Already have a staff of some solid Tier 1
    analysts? Look for additional training that can
    help them work their way up to Tier 2 and Tier 3
    tasks while exploring ways to automate Tier 1
    tasks to reduce the need for backfilling those
    roles as the team starts to progress.

7
The Anguish: Getting Leadership on Board
  • The prevalence of high-profile breaches, incident
    response missteps, and emerging threats would
    seemingly be enough to make cybersecurity a top
    priority at the highest levels of any
    organization. However, most CISOs find they are
    still fighting an uphill battle to engage their
    companies' boards and executive leadership, with
    most saying cybersecurity remains overlooked as a
    strategic priority among the top brass.

8
The Antidote: Improve Visibility and Reporting
  • More than half of CISOs report to a CIO, who has
    a broad spectrum of responsibilities extending
    far beyond security. As such, cybersecurity
    issues have a tendency to get lumped in with
    other topics in the realm of information/data
    management and technology and not get the
    necessary attention. Organizations are starting
    to change this long-held structure and give CISOs
    the direct line to the CEO the role needs. If
    this is happening in your company, great! Now you
    need to figure out how to make the most of this
    new executive access.

9
The Anguish: Emerging Threats and the Next Breach
  • Sixty-seven percent of CISOs believe their
    organization will be the victim of a breach this
    year that will decrease shareholder value and
    have long-term ramifications with regard to
    reputation and brand damage. The rise of
    artificial intelligence, the lower threshold of
    knowledge required to mount a successful attack
    and the profitability of cybercrime all point to
    a continued uptick in threat actors and new
    exploits. No wonder CISOs aren't sleeping.

10
The Antidote: Tighten Up Incident Response
  • If a breach is a matter of when, not if, then
    incident response is of paramount importance to
    minimize impact to the business both internally
    and externally.
  • Take cues from your organization's business
    continuity plan (you have one, yes?) and detail
    the communication and collaboration that will be
    required in the event of a serious breach. You
    will want a digital war room that can be used not
    only by your SOC but also by teams in legal, HR
    and communications to automatically keep everyone
    up to speed and on the same page.

11
Conclusion
  • Don't forget the feedback loop. Make sure your
    team is using the intel gained through the
    response and remediation of prior incidents to
    prevent similar issues later on. Each alert,
    case, investigation, and analysis provides vital
    context that can help your organization more
    quickly identify attacks as they come in the
    future.
  • While there may not be a single magic cure,
    solutions do exist to treat the symptoms that
    plague the average CISO. Applying the right mix
    of resources and shoring up processes can help
    security leaders start getting a little bit of
    relief. And maybe even a little bit of
    much-needed shuteye.
