CISOs are critical to thriving companies: Here’s how to support their efforts

Even before COVID-19 initiated an onslaught of additional cybersecurity risks, many chief information security officers (CISOs) were struggling.


According to a 2019 survey of cybersecurity professionals, these critical data defenders were burned out. At the time, 64% were considering quitting their jobs, and nearly as many, 63%, were looking to leave the industry altogether.

Of course, COVID-19 and the ensuing remote work requirements have made the problem worse. It’s clear that companies could be facing an existential crisis to their data security and that their best defenders are struggling to stay in the fight.

The current state of CISOs

Even as they have to deal with an ever-expanding threat landscape, CISOs are managing a mounting list of responsibilities. As companies hurtle toward digital transformation, automation, cloud computing, brand reputation, and strategic investments are falling on CISOs’ plates.

It’s easy to see why CISOs feel overwhelmed, overworked, unprepared, and underequipped. Cisco’s recent CISO survey, which combines insights from panel discussions and more than 2,800 responses from IT decision-makers, puts both quantitative and qualitative metrics to these problems.

Notably, leaders identified a workforce that is rapidly becoming remote as a top cause of stress and anxiety. Specifically, Cisco reports that “More than half (52%) told us that mobile devices are now very or extremely challenging to defend.”

By now, the cybersecurity vulnerabilities associated with remote work are well-documented, but the COVID-19 pandemic makes it clear that remote work is going to become both more prominent and more problematic in the weeks, months, and years ahead.

In the meantime, a deluge of alerts and threat notifications is causing cybersecurity fatigue, meaning leaders are “virtually giving up on proactively defending against malicious actors.” Collectively, 42% of survey respondents indicated that they were experiencing cybersecurity fatigue.

This challenge is amplified when leaders are managing multiple vendors, as “complexity appears to be one of the main causes of burnout.”

Finally, CISOs are being asked to navigate an increasingly complex threat landscape while accounting for expanding government oversight in the form of data privacy laws, which are becoming ever more prevalent now that the pendulum has swung almost entirely toward digital discretion.

To be sure, that’s not to say that CISOs aren’t excelling. The industry is full of hard-working, talented, and ambitious people. Everyone, from MSPs to CEOs, needs to do a better job of supporting CISOs.

Supporting struggling CISOs and protecting data

1. Prioritize singularity

CISOs are struggling to manage a multi-vendor environment with disassociated solutions coming from many places. Instead, provide comprehensive endpoint data loss prevention software that accounts for a wide range of threats and offers extensive insights into a company’s data landscape.

2. Rely on automation

The vast majority of cybersecurity personnel who reported cyber fatigue experienced more than 5,000 alerts every day. The rapidly expanding capabilities of AI and machine learning have to be harnessed to reduce this onslaught of information. Many threats can be addressed with software, reducing the number of alerts that actually make it to IT personnel and allowing them to focus on the most pressing threats. It’s both a better use of their time and a more sustainable way to work.

What’s more, relying on automation can help IT leaders account for a growing and apparent skills gap that leaves many departments understaffed.

3. Account for known risks

Today’s threat landscape is expansive, but some risks are more prominent than others. For instance, it’s estimated that human error is responsible, in part, for as many as 90% of all data breaches. In other words, employees collectively represent the most significant cybersecurity risk, as both accidental and malicious insiders contribute to a growing number of breaches. For instance, we’ve seen examples of:

  • Employees compromising network security by engaging with phishing scams
  • Employees stealing company data to sell or leverage down the road
  • Employees accidentally sharing private information outside of appropriate channels
  • Employees accessing company data on personal devices

There is a myriad of ways that insiders compromise company data. Identify and select cybersecurity solutions that can bolster your defenses against the most prominent threats.

4. Communicate and prepare

Ultimately, cybersecurity isn’t just a priority for CISOs. It’s time to develop an all-in approach to data security to bring awareness and capability to every level of the company. In a real way, data security depends on each person playing an active role in the company’s defensive posture.

CISOs may be struggling, but they are immensely talented and uniquely important. It’s time to support their efforts in meaningful and tangible ways.

