CISO

Navigating the complexities of today’s digital landscape, it's clear that cyber security can no longer be the sole accountability and responsibility of one person -- the CISO. As cyber threats evolve, becoming more frequent and sophisticated, a single individual can't feasibly manage it all. As a result, and at some point in the future, we may dare to consider that the traditional CISO role might eventually become obsolete as business units become secure-by-design.

We need to pivot. Rather than placing the weight of managing an organization's entire security on the shoulders of one person, we need to integrate cyber security throughout every layer of our operations. This means moving towards a world where every business unit and every employee in an organization understands and owns their role in maintaining cyber security.

The cyber talent shortage is a greater concern for CISOs than ongoing economic uncertainty, according to the latest Information Security Maturity Report from ClubCISO and Telstra Purple.

Insufficient staff is named as the top (51 percent) concern for CISOs when asked which factors most affect their ability to deliver against their objectives.

A new study of over 200 CISOs and senior security leaders at organizations with over 5,000 employees shows that 93 percent have suffered at least one cyberattack in the last year and all of them think the security landscape is worsening.

The research from Censys also shows that 53 percent identify the need to secure their organization's entire attack surface as their top priority.

Today’s digital-first economy has transformed the role of the modern CISO, increasing threats and changing security priorities. New research from Salt Security shows that 89 percent of CISOs report that the rapid deployment of digital services has generated unforeseen risks to securing critical business data.

The study of 300 CSOs and CISOs around the world reveals the top risk as being personal liability and litigation resulting from security breaches, with 48 percent of CISOs citing that challenge.

The latest Security Maturity Report, published today by ClubCISO, shows 76 percent of CISOs reported no material breaches over the past year, up from 68 percent in 2022.

Despite the difficult economic climate, heightened global tensions and the onset of new technology making cybercrime easier, 60 percent of those surveyed say that no material cyber security incident had occurred in their organization over the past 12 months.

The Great Resignation and tech layoffs have pushed staff turnover to an all-time high. And with every personnel change, years of institutional knowledge are lost in the transition. That information can be critically important for security executives, like CISOs, who must be the ultimate stewards of organizational security across an ever-changing attack surface.

Organizational environments today are increasingly complex and constantly evolving, making it challenging to understand exactly what is at risk at any given moment. For CISOs joining an organization, it is vital to understand exactly what is on their environment to effectively secure it.

In 2023, Chief Information Security Officer (CISO) continues to be an important role with a broad reach for securing every aspect of a business, their people and systems. The security team reporting to the CISO is responsible for protecting thousands of IT devices and systems dispersed across broad geographic areas from attackers who also may be anywhere on the planet. Additionally, modern infrastructures are dependent on sophisticated security technologies to monitor traffic and distinguish between normal, everyday activities and potentially malicious activity due to the ongoing threat of attacks.

The security information and event management (SIEM) tool is one of the security team’s most crucial. With a large market of SIEM vendors, the type of SIEM that CISOs decide to deploy is highly flexible and must be aligned to the business that the CISO protects. It’s important for CISOs to fully evaluate the business and their unique goals to develop the criteria they need in a SIEM.

According to a new study, 86 percent of software developers and AppSec managers surveyed have or know someone who has knowingly deployed vulnerable code.

What's more the study from Checkmarx shows 88 percent of AppSec managers surveyed have experienced at least one breach in the last year as a direct result of vulnerable application code.

As a report last year showed, the change to working habits over the last few years has gone hand-in-hand with a rise in the theft of data.

We spoke to Cyberhaven CSO, Chris Hodson, to find out how enterprise CISOs can meet this challenge and keep their data safe.

Although more than 70 percent of companies say they have an insider risk management (IRM) program in place, the same companies experienced a year-on-year increase in data loss incidents of 32 percent, according to a new report from Code42 Software.

Based on a survey of 700 cybersecurity leaders, cybersecurity managers and cybersecurity practitioners in the US, conducted by Vanson Bourne, the report shows 71 percent expect data loss from insider events to increase in the next 12 months.

A new survey of over a thousand CISOs from large enterprises in the US and UK, finds that 93 percent are concerned about dark web threats and 72 percent believe that intelligence on cybercriminals is critical to defending their organization.

The report from Searchlight Cyber looks at how CISOs are gathering data from the dark web to improve their security posture.

A new study from extended detection and response platform Cynet finds 94 percent of CISOs in small to mid-sized companies report being stressed at work.

What's more 65 percent admit work-related stress issues are compromising their ability to protect their organization. Among the CISOs surveyed, 100 percent say they need additional resources to adequately cope with current IT security challenges.

Thanks to improved security technology, most cyberattacks now rely on some element of social engineering in order to exploit the weakest link, the human.

Phillip Wylie, hacker in residence at CyCognito, believes CISOs now need to take a step back and focus on the overall picture when it comes to security. This includes securing internal and external attack surfaces, and testing the security of these environments, as well as educating employees about the risks.

The role of the CISO has always been a somewhat secondary one in terms of the overall big picture of running a business.

However, a new study from cybersecurity company Coalfire shows that the CISO role is maturing quickly, and gaining more of a voice in the boardroom.

The current economic downturn has meant significant budget cuts for many enterprises. But cyberthreats continue to escalate and businesses need to take them seriously.

This means that more than ever CISOs must prove the value of their cybersecurity programs to senior management. But how can they do this effectively? We spoke with Tim Erlin, VP of product innovation at SecurityScorecard to find out.