IT Security

Essentials for CISOs to know

by Mark Rowe

In today’s business climate, where hacks and data breaches are a regular occurrence, the role of the chief information security officer (CISO) is of paramount importance, as he or she is responsible for protecting your organisation’s sensitive information and systems, writes Chris Pogue, Chief Information Security Officer, Nuix.

Simply having a CISO in place does not, on its own, deter cybercriminals. Many CISOs lack battleground experience against attackers, whether as a forensic investigator working cybercrime cases or as a penetration tester. With the volume of cyber-attacks increasing, every CISO should be willing to learn more about how cybercrime is actually carried out. Here are three lessons they should take on board to give themselves a fighting chance of success.

Regardless of industry, size, or profits, if your company holds any data of value, it has already been targeted or it will be in the future.

A CISO should recognise that every piece of data the organisation is responsible for has a black market value. Typical examples of information at risk include payment card data (the cardholder data that PCI DSS exists to protect), personally identifiable information (PII) and electronic protected health information (ePHI). The risks are not only external; organisations also face growing threats from within their own walls. Insider threats range from a disgruntled former employee, to an individual stealing intellectual property to get ahead at a new employer, to a well-meaning but technically naïve end-user. A cyber-attack can occur at any moment, so CISOs should always be ready to respond. Realistic penetration testing, threat simulations, user access reviews and security awareness training are all priorities that, once in place, put your organisation in the best possible position to react when an attack eventually occurs.

To be a strong CISO, you should ensure regular training sessions for your cybersecurity team take place.

Training sessions should be made as realistic as possible, because realism significantly reduces the number of unknowns when an actual attack occurs. It is impossible to prepare for every eventuality in an ever-changing threat environment, but the better prepared an organisation is, the better placed it will be to respond. "Real world" exercises build a kind of cyber muscle memory, so that when an attack occurs the training kicks in automatically. Without the right training programmes and thorough preparation, delays in decision making can be costly, and attackers will not always give an organisation time to contemplate a measured response. The threat landscape should be replicated as closely as possible so that the team snaps into action, limiting the data that criminals can reach.

You will never be able to fully anticipate the unexpected.

Compliance is not the same as security; it never has been and never will be. Attack methods change constantly, but having the right systems in place, backed by hours of training, puts the organisation in the best possible position to react appropriately. Checklists are valuable for making sure that the repeatable steps of routine tasks are completed as needed, but they should always be used alongside other security controls, not in place of them. Governance, risk management and compliance checklists are crucial, but they should never be treated as a comprehensive guide; the ability to adapt and react is just as important. Suitably trained people, working against checklists, in an environment with good data hygiene, will put an organisation in the strongest position to face threats head on.

This list is by no means a complete guide to facing cyber-attacks, but these three essentials will help any CISO or IT security department when the inevitable attack does occur. If you are a CISO and have not yet run cybercrime training for your IT department, make it a priority now. The better prepared your team is, the better placed it is to safeguard your organisation's data.


© 2024 Professional Security Magazine. All rights reserved.
