Don’t Panic! Create a Winning Cybersecurity Strategy to Preserve CISO Sanity
Stress comes with the territory for chief information security officers (CISOs). As noted by Medium, the job is unpredictable, with “long periods of preparing, watching, waiting, punctuated by periods of high stress and occasional bruising.”
As both vendors and cyberthreats proliferate, finding a balance between an effective cybersecurity strategy and reasonable employee access is becoming problematic. Add in accidental security breaches, the expectations of C-suite members — especially when CISOs don’t get a seat at the table — and budget constraints, and panic sometimes feels like the most reasonable response.
Five Keys to a Stress-Free Cybersecurity Strategy
While these problems won’t go away anytime soon, security leaders and executives can implement strategies, policies and communication methods to fill budgetary and awareness gaps and get disparate departments on the same page. Here are five tips to help CISOs retain their sanity and bolster business borders.
1. Create a Clear Strategy
According to Databarracks’ “Data Health Check 2017” report, only 53 percent of IT decision-makers felt confident about their organization’s ability to handle cyberthreats such as viruses, spyware and ransomware. Even more worrisome, PwC’s “Global State of Information Security Survey 2018” revealed that 44 percent of organizations lack an overall information security strategy. Given these startling statistics, it’s no surprise that CISOs are feeling the heat, since so many enterprises lack clear direction when it comes to handling new cybersecurity threats.
Staying sane demands specificity. Security leaders should draft actionable security policies that have C-suite support and clear consequences for noncompliance. Start with staff members: Make sure they understand the new guidelines and give them room and time to learn and adapt. Then, enforce the policy as needed to limit security risk.
2. Activate Automation
CISOs often struggle with the dual difficulties of budget and time. There’s no more money to hire extra staff, but there aren’t enough hours in the day to get everything done. The solution, according to Dark Reading, is automation. Automated tools can track and monitor devices at a granular level, allowing CISOs to see what’s happening and where in real time. Automated tools can also replace cumbersome and error-prone processes such as data entry and review, allowing current IT staff to tackle high-priority projects instead of playing catch-up.
3. Talk the Talk
CISOs are often overlooked when it comes to the C-suite short list. Some CISOs prefer working with technology over attending endless meetings about budget and strategy, but cybersecurity is now a line-of-business opportunity, not a cost center.
Getting the budget and resources needed to stop cyberthreats means selling the concept to executives in terms they understand. Put simply, CISOs need to talk the talk and find ways to couch security problems in business-friendly language. And while developing soft skills seems like one more task for CISOs to pile onto their already full plates, it’s a long-term win: With the C-suite on board, technology and budget approval becomes a much smoother process.
4. Bridge the Gap
In a cloud-based world, silos and departmental boundaries destroy cybersecurity success. If IT security professionals don’t want to deal with disaster recovery experts, marketing doesn’t like how HR is handling data and front-line employees push back against security policies, the result is a nightmare that keeps CISOs up at night and leaves them barely hanging on from day to day.
Here, staying sane means finding a way to bridge the gap between disparate departments and evolving expectations. To make your case, be clear about the costs of lax cybersecurity and talk up the potential benefits of cloud-based collaboration. This is the domain of the new CISO — part encourager, part enforcer, but entirely dedicated to reducing security risk.
5. Prioritize People
Building relationships should remain your top priority. While CISOs are often torn between balancing budgets and managing human resources, these human connections ultimately make or break CISO success.
Budgets fluctuate based on a host of factors, from the previous quarter’s profits to upcoming capital expenses or new investments. The right people, however, form the backbone of reliable security response. By putting relationships first and budget concerns second, CISOs can encourage a culture of loyalty and respect in which various departments work together to solve budget problems.
Sanity Is the Best Strategy
There’s no question that CISOs are under stress, with emerging cybersecurity threats making it harder and harder to stay sane. But it’s possible to keep crazy off your radar. Start with a smart cybersecurity strategy, opt for automation, speak the language of business and bridge the gap by putting people first.