Businesses today are undergoing massive digital transformation fueled by many drivers, such as migration to the cloud, AI, 5G, distributed workforces and more. These changes have created an explosion of data and devices, bringing new cybersecurity risks. Meanwhile, the geopolitical environment and complex software supply chains layer on even more concerns.
Businesses are struggling to keep up. Against all these pressures, the stakes have never been higher for chief information security officers (CISOs) responsible for keeping their businesses secure from cyberattacks. Factor in the current economic environment and resulting downward pressure on budgets, and now CISOs are forced to do more with less.
Last year, the Securities and Exchange Commission (SEC) added to the complications with proposed amendments to its rules, which include new ways to report and disclose security incidents to better inform investors about the company’s risk management strategy, including cyber governance. Not only has cybersecurity experience among board members become essential to directing this strategy, but cybersecurity has become a business issue that can no longer be relegated to technology teams holed up in security operations centers (SOCs).
The SEC’s new guidelines are the latest in a broader shift in which leaders across the entire business, not just CISOs, are invested in the overall cybersecurity posture of organizations.
How Boards And CISOs Can Ensure Business Resilience
Boards and CISOs must work closely together to form a mutual understanding of security priorities. This begins with securing a board member with expertise in cybersecurity if there isn’t one already.
In addition to helping to ensure the company’s most senior leadership is well-informed on the latest cybersecurity issues, risks, regulation and requirements (SEC and otherwise), adding another dedicated security expert to the board can help guide the organization to build cybersecurity into strategic initiatives from the start—as an innovation and growth enabler rather than a costly afterthought.
Boards and CISOs must also make a steadfast commitment to resources. They must work collaboratively across stakeholders and the C-suite to raise awareness and advocate for the solutions and budgets necessary to deliver on their joint strategy. One way to do this is to bake cybersecurity into regular board updates, highlighting current risks and recent industry incidents as lessons learned and investment drivers.
In order for any modern organization to be successful, it must maximize its current technology investments while also carving accelerated pathways for the adoption of critical emerging technology—for example, enhanced capabilities in threat hunting and research or tools that build security into the software development lifecycle. These enable the frontline security team members to proactively protect the business.
Finally, boards and CISOs must invest in recruitment and talent development, augment their teams with modern managed security providers (MSPs), or use a combination of both to ensure their attack surface is properly covered.
They will need to ensure that all employees, contractors and partners are “cyber-ready” and have effective security awareness training. They need to understand that education is a strong prevention tool for threats like phishing scams. Cyber insurance and strong incident response plans are, likewise, necessary when education just isn’t enough.
Working Together To Get Ahead
Cybersecurity is no longer an IT issue but an organization-wide requirement to mitigate risk while enabling innovation.
In order to get ahead of today’s challenges, boards, CISOs and the entire C-suite must come together to not only heed the call of the SEC and the needs of their security teams but to get ahead of incidents with a holistic, intentional strategy that protects the business while anticipating growth and evolution.
***This blog was originally posted on Forbes.com. You can read it here.***