What CISOs Need to Combat Their Adversaries
Digital CISOs have a new set of responsibilities that requires them to make considerable changes in how they go about securing the business.
Digital enterprises today are not sufficiently protected from cyber-attacks. CISOs need to address a whole range of attacks and threats.
CISOs need to assure customers that communications are actually coming from their company and not a brand imposter. Create a zone of trust in which customers can be certain that any link they click and any correspondence they respond to returns to your company.
IT security leaders should look far beyond their immediate perimeter to a far-out event horizon where off-the-radar threats, like infrastructure holes and malware, may threaten their security.
Aggressively mitigate and clean up your brand name online. Result: Attackers won’t see you as quite so vulnerable, you’ll become a less lucrative target, and then, hopefully, you’ll fall off your attackers’ radars.
Every major epidemic begins with a “patient zero.” It’s no different with cyber-security; even sprawling attacks originate from a single, compromised point-of-entry—often through a phishing email or rogue mobile app.
If you educate your team in the power of “don’t”—don’t click unfamiliar links, don’t download documents and don’t respond to communications you don’t recognize—your employees will be less likely to cause a headline-grabbing breach.
Even though cyber-preparedness is now a board-level issue, most CISOs have little day-to-day access to the executive committee. They report to the CIO or CFO and often function as a service organization instead of a strategic one. Yet they are held accountable by the executive team when something goes wrong.
To meet lofty board and C-suite expectations, be ready when the brain trust of your organization comes looking for answers. That means having an expanded agenda, innovative ideas and a list of goals.