December 23, 2015 By Rick M Robinson 3 min read

The holiday season is here. For chief information security officers (CISOs), as for Santa and his elves, it is the busiest season of the year.

For nearly all organizations, this season marks the run-up to an end-of-the-year security audit, a time to review and assess the organization’s cybersecurity progress and posture. And for retailers, it is also the busiest season of the year — one filled with its own security challenges.

A Season for Looking Back — and Ahead

The holidays are a time for making lists — not only of who’s been naughty or nice in the past year, but also for making resolutions on how best to meet the next year’s challenges. For CISOs, this means assessing and evaluating the security picture over the last 12 months, double-checking compliance needs and evaluating which issues are likely to be prime considerations next year.

CISOs will need to call on their elves to assist in these big tasks. These helpers may come from both inside and outside the organization, ranging from members of the security team and the rest of IT to representatives of other business units (IT’s internal customers), business partners and the broader cybersecurity community. Whether or not an external year-end audit is performed, WindowsObserver.com offered useful advice that goes beyond any specific operating system.

The first item on the CISO holiday checklist is looking back at how the security landscape developed in 2015. This means analyzing everything from internal event logs that give a highly granular picture of the organization’s own experience to surveying global trends that are shaping security. What threats has the organization faced and how effectively has it responded to them?

The second big item on the checklist is legal and regulatory compliance, a factor in all industries and absolutely critical for some, such as finance and health care. Official rules can be a pain to develop and implement, but most of them have been well-crafted by security professionals, and compliance requirements play a big part in building shared standards and best practices. But since new laws and rules often take effect at early in the new year, compliance must be not only reviewed, but also updated.

Finally — last but by no means least — this is the season to prepare for the year ahead. What new potential threats are looming, and what tools are available to protect against them? For example, Wired noted that an emerging threat as we head into 2016 is malvertising, innocuous-seeming online ads placed on popular websites through third-party brokers that conceal malware. The victim does not even need to click on the ad; simply visiting major media sites can expose users.

Malvertising is outwardly a consumer threat, but in a bring-your-own-device (BYOD) world, what attacks employees as consumers can also attack the enterprise. And for organizations with advertising-supported websites, inadvertently hosting malvertisements is a huge security threat and an emerging challenge that must be met.

In short, the holiday checklist for CISOs includes thinking ahead to who may be naughty or nice next year.

For Retail CISOs, Unique Holiday Challenges

All organizations face these challenges, though many benefit from a holiday slowdown or even scheduled downtime. Let’s face it, a lot of people — though not the security team, of course — can and do “check out” a bit during the holidays.

Not so for the retail sector, including firms and charitable nonprofits that are not retailers themselves but whose business follows the retail cycle. This cycle famously (or infamously) peaks during the holiday season. So do its cybersecurity concerns.

Not only are people shopping more, but they are doing it amid more hectic surroundings and often going outside their familiar safe zones to look for that special gift. That means potential security risks spike even more than overall traffic does. Retail-related CISOs will be very busy indeed, earning some holiday cheer they won’t even be able to enjoy until after the season is over.

The good news, in and out of retail, is that this busy security season will soon be over. Security leaders who meet the seasonal challenges will be heading into 2016 with their organization’s security posture in good shape. That could give them plenty to celebrate when this time rolls around again next year.

Read the complete IBM research report on security trends in the retail industry

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today