When the role first emerged in the 1990s, the CISO was a more technical, IT-focused position.
CISOs face more risks than can be resolved, are expected to balance security with operational capability, and must convince leaders to invest in protection.
Today, CISOs are also expected to defer to business needs while still being accountable for breaches.
At networking events, I'm seeing more and more CISOs with business backgrounds focusing less on the cyber aspects of the job and more on supporting business priorities.
In 2024, we need to rethink the role of the CISO yet again.
Today's CISO must help their organization understand that prioritizing risk reduction is key to the business's resilience in the face of modern threats.
Today's CISO: The Resilient Politician

CISOs once were able to sell their importance based on the idea that, in cyber terms, the sky was falling.
CISOs' focus shifted from risk avoidance to risk posture and consideration of what level is acceptable in the pursuit of business goals.
With the proliferation of ransomware, CISOs must not only prevent, detect, and remediate security risks, but must now also consider how resilient their systems are to cyberattacks that can put the company out of business.
The good news for CISOs is that many of these roles have been elevated to a genuine C-level position.
Considering the increasing pressure from the Securities and Exchange Commission and Department of Justice regarding CISO accountability in the wake of a cyberattack, this position is quickly becoming untenable.
The Next Stage for CISOs

To be successful today, CISOs need to develop new skills while maintaining strong fundamentals.
How a CISO goes about this can vary, depending on whether board members' experience is in technology or business.
CISOs need to be comfortable developing a risk-based approach focusing on the importance of resiliency, because attackers will get in.
CISOs should build a deeply technical team that can focus on key security practices.
CISOs must not rely on assumptions about how to respond; running through and testing all response plans is vital.
In recent years, CISOs at major companies have been let go, called to testify in court, and, in some cases, charged with crimes.
A New CISO for a New Threat Landscape

The enterprise IT landscape has changed significantly over the past 40 years, becoming increasingly dispersed, cloud-based, and central to conducting business.
With so much change, it's unrealistic that the CISO of today should operate in the same way as in decades past.
In this new environment, CISOs must redefine how they balance cyber-resilience and operational demands, interact with senior leaders and the board, and deliver team and technical leadership.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 19 Mar 2024 14:05:15 +0000