Author: Mike Campfield, Vice President of Security, ExtraHop
Chief information security officers (CISOs) and the data security teams they manage, are vital to ensuring the protection of data for any organisation on the digital transformation journey. Although Asia-Pacific companies generally accept the need to undergo digital transformation initiatives, and are moving information to the cloud in greater numbers, the security of the data is not always prioritised. According to a Frost & Sullivan study, 83 percent of APAC organisations don’t think about cybersecurity while embarking on digital transformation projects.
CISOs and their teams conduct highly important work to anticipate cyber risks, identify and investigate security threats, and manage and protect information from internal misuse. CISOs are In many ways, CISOs are generals and their job is not to fight battles but win wars. Too often CISOs are torn away from their strategic roles to fight the everyday battles - keeping them from assuming the long-term planning and strategic oversight that the role is made for. When they should be thinking about the future, they’re stuck dealing with the minutiae of the present.
As more information is migrated to the cloud, the pressure will be on security teams to maintain the same level of protection. To deal with rising traffic volumes, hybrid infrastructures, and increasingly high encryption standards, organisations need to focus on securing top talent and adopting cloud security solutions to support and optimise the team’s efforts. How can CISOs create teams that are positioned to win wars? We have seen successful CISOs create efficient information security teams by assessing their current capabilities, determining resource needs and identifying opportunities to automate to ease the burden on existing teams.
CISOs need to have a clear understanding of the organisation’s traffic and interactions.
CIOs should have clear answers to the following questions when assessing the current information protection capabilities for their organisation:
What can you do well and what do you do poorly?
Where do you have visibility and where is the darkspace within your environment?
What could you do to harden your attack surface?
Most importantly, CISOs should know whether they have an easy way to demonstrate the organisation’s strengths and weaknesses as well as the ability to show progress. You must also assess how compliance-fit your organisation is. Another important area is how compliance-fit their organisation is. Enlisting a third party to run a penetration test, for example, will provide an understanding of the organisation’s traffic and the interactions of its systems, users and applications. Figuring out whether the organisation could report a security breach within expected timeframes will be critical to this assessment. The Asia-Pacific region is being hit with growing cyber threats and governments are responding with measures to protect their citizens. According to a recent study, countries are following the lead of the European Union by enacting their own GDPR-type mandatory data breach notification laws. This exercise will help bring other parts of an organisation into the discussion, giving them a stake in the CISO’s long-term security plans.
CISOs should consider how the effectiveness of their staff can be improved.
In Singapore, cybersecurity specialists are among the hottest technology roles this year, according to a Robert Half report. Technology risk and regulatory technology professionals are also in high demand. HR professionals recruiting for these roles need to ensure the CISO is supported by appropriately qualified and trained staff, amid the widely documented talent shortage across the technology space.
In order to cultivate and develop the skills of existing data security teams, CISOs should allow them to participate in exercises, like the penetration test mentioned above, to help staff expand their skills and awareness of security issues. Supported by qualified and well-trained staff, the CISO can focus on extracting the maximum value from systems like real-time analysis of network traffic to save time, cut down on false positives and maximise the talent, skill and experience of security teams.
Identifying places and routines that you can automate will be important.
The pressures for IT departments to deliver high quality performance and service to the organisation are massive, and solutions in the market allow teams the ability to manage, optimise and secure the network with greater efficiency. When the time to detect and resolve threats are reduced significantly, the organisation can spend more time enhancing end-user experiences. Top solutions in the market also have the ability to dramatically reduce unplanned application downtime because teams can repair issues the first time. Where staff are doing repetitive tasks, CISOs should consider where scripts, integrations, orchestration tools or ticketing systems can be applied to replace time-consuming manual activities with policy-driven execution and more strategic projects to support digital business initiatives. The ROI will also quickly justify the investment
In order for CISOs to successfully protect organisations from current and new security risks, in the near and long term, a combination of tech and talent will be required to achieve this goal. With technology, CISOs and their teams can boil down data to richer, more intelligible information, and with the right talent data security teams can focus on protecting organisations from more sophisticated threats. As CISOs assess their team’s capabilities and develop their skills, it is important that they are aligned with HR to be proactive and creative in attracting new, qualified talent. These efforts will have a major impact across an entire organisation.