Light Dark
February 5, 2015 By Rick M Robinson 2 min read
CISO

As hacking attacks escalate, demanding media attention and costing businesses hundreds of millions of dollars, organizations are fighting back. Above all, they are learning to treat information security not just as a technical problem, but an ongoing challenge that extends across the enterprise.

Chief information security officers (CISOs) are emerging as the crucial players in the evolving understanding of security. Indeed, when the history of information security in the 21st century is written, the current era may well be recorded as the decade of the CISO.

The CISO and Growing External Threats

The changing role of information security in the enterprise is being driven by business leaders’ recognition of a rapidly evolving threat.

For the past three years, IBM has published its annual Chief Information Security Officer Assessment, which tracks CISOs’ perceptions of threats and how their organizations are responding. The most recent survey shows how external threats (hacking attacks) have pulled away and taken the lead from other security concerns.

The most recent high-profile attack on Sony Pictures Entertainment exemplifies the scope of this external threat. Risks are not confined to the most obvious potential victims, such as retailers, who must protect millions of customer account records. Any and all intellectual property is at risk of being compromised. The attackers may be motivated by financial gain, including extortion by threat of data destruction. Their motives can also extend to political causes or be sponsored by state intelligence agencies.

Security as a Policy Issue

Such ruthless and sophisticated attackers pose an existential threat to the enterprise. In response, as Brian Engle and Renee Guttman report at CSO Online, CISOs are being asked to provide technical knowledge and policy guidance. According to the National Association for Corporate Directors, “Cybersecurity is an enterprise-wide risk management issue, not just an IT issue.”

Engle and Guttman identify three key issues that enterprise leaders should consider in their security planning. They need to consider CISO access to top decision-makers and the overall governance of the security policy. They must also focus on training the next generation of security leaders, with emphasis on engaging board members and other key stakeholders.

Finally, while security breaches are driving headlines, enterprises cannot let headlines drive their security policies. Security must be proactive, not reactive to the most recent crisis.

Information security threats will continue to evolve, and the role of the CISO will evolve along with them. By bringing the CISO into the strategic discussion, enterprise leaders can keep their security framework pointing forward.

Download the IBM Report: Cybersecurity perspectives from the boardroom and C-suite

 |  |  | 
Rick M Robinson

More from CISO
April 9, 2024

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

April 2, 2024

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

February 21, 2024

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature