BreachExchange mailing list archives

The Changing CSO Role: What to Expect in 2015


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 16 Dec 2014 20:37:01 -0700

http://talkincloud.com/cloud-computing/12162014/changing-cso-role-what-expect-2015

The New Year is still a few weeks away, but 2015 is already shaping up to
be rough for chief security officers (CSOs). After waves of high-profile
attacks against major corporations and governments in 2014, many firms are
rightly concerned about their vulnerability. Unfortunately for CSOs, the
usual constraints around funding, available talent and user awareness will
stand in the way of the best security intentions. To meet the rising
security challenge in 2015, CSOs must evolve within their organization and
adapt to the new realities of cybersecurity.

When, not if

It’s an oft-repeated saying that a determined hacker will find a way to
bypass any system, given enough time. While deterrence is important, it’s
just as critical for firms to conduct regular analyses of their cyberattack
preparedness. As many recent attacks have shown, few of the targeted
organizations were primed for the possibility that their systems could be
breached. In one instance, retailer Jewel-Osco suffered two data breaches
within a six-week span.

Siloing important data in hopes of mitigating a cyberattack's effects is
unwise, but CSOs do need to understand what information could be accessed
in the event of an attack. Sensitive customer data is a top concern, but
it’s not the only information that (if leaked) can negatively impact brand
reputation or trigger a host of data breach disclosure regulations. Sony’s
recent email leak has led to public humiliation, as everything from
unflattering comments about Hollywood’s finest to corporate politics have
been splattered across the Internet.

Adaptive learning

Even as budgets for new IT projects, and especially security tools, remain
tight, they represent a key component of an organization’s overall
risk-management strategy. Security appliances like Intrusion Detection and
Prevention Systems (IDPS) not only offer enhanced protection, but can help
predict the techniques that intruders may use in the future. For
organizations unable to absorb the expense of an IDPS, a honeypot can still
offer valuable insight into a firm’s IT weaknesses.

CSOs should actively learn from their failures in order to prevent repeated
breaches. Data breach post-mortems are a necessity; firms must be sure to
identify other aspects of their systems that may remain vulnerable to a
similar attack. CSOs must also take the big-picture view of each data
breach: was a data breach linked to an isolated incident, or does it signal
deeper, systemic issues?

Preparing for 2015

Cybersecurity will remain a virtual arms race for the foreseeable future,
but there are steps CSOs can take to reduce the likelihood of a data
breach, and mitigate fallout in the event of one. It's probable that next
year will be filled with as many data breaches as 2014, but a prepared CSO
can help protect their organization from the inside out.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
