October 30, 2017 | By Douglas Bonderud

Stress comes with the territory for chief information security officers (CISOs). As noted by Medium, the job is unpredictable, with “long periods of preparing, watching, waiting, punctuated by periods of high stress and occasional bruising.”

As both vendors and cyberthreats proliferate, finding a balance between an effective cybersecurity strategy and reasonable employee access is becoming problematic. Add in accidental security breaches, the expectations of C-suite members — especially when CISOs don’t get a seat at the table — and budget constraints, and panic sometimes feels like the most reasonable response.

Five Keys to a Stress-Free Cybersecurity Strategy

While these problems won’t go away anytime soon, security leaders and executives can implement strategies, policies and communication methods to fill budgetary and awareness gaps and get disparate departments on the same page. Here are five tips to help CISOs retain their sanity and bolster business borders.

1. Create a Clear Strategy

According to Databarracks’ “Data Health Check 2017” report, only 53 percent of IT decision-makers felt confident about their organization’s ability to handle cyberthreats such as viruses, spyware and ransomware. Even more worrisome, PwC’s “Global State of Information Security Survey 2018” revealed that 44 percent of organizations lack an overall information security strategy. Given these startling statistics, it’s no surprise that CISOs are feeling the heat, since most enterprises lack clear direction when it comes to handling new cybersecurity threats.

Staying sane demands specificity. Security leaders should draft actionable security policies that have C-suite support and clear consequences for noncompliance. Start with staff members: Make sure they understand the new guidelines and give them room and time to learn and adapt. Then, enforce the policy as needed to limit security risk.

2. Activate Automation

CISOs often struggle with the dual difficulties of budget and time. There’s no more money to hire extra staff, but there aren’t enough hours in the day to get everything done. The solution, according to Dark Reading, is automation. Automated tools can track and monitor devices at a granular level, allowing CISOs to see what’s happening and where in real time. Automated tools can also replace cumbersome and error-prone processes such as data entry and review, allowing current IT staff to tackle high-priority projects instead of playing catch-up.

3. Talk the Talk

CISOs are often overlooked when it comes to the C-suite short list. Some CISOs prefer working with technology over attending endless meetings about budget and strategy, but cybersecurity is now a line-of-business opportunity, not a cost center.

Getting the budget and resources needed to stop cyberthreats means selling the concept to executives in terms they understand. Put simply, CISOs need to talk the talk and find ways to couch security problems in business-friendly language. And while developing soft skills seems like one more task for CISOs to pile onto their already full plates, it’s a long-term win: With the C-suite on board, technology and budget approval becomes a much smoother process.

4. Bridge the Gap

In a cloud-based world, silos and departmental boundaries destroy cybersecurity success. If IT security professionals don’t want to deal with disaster recovery experts, marketing doesn’t like how HR is handling data and front-line employees push back against security policies, the result is a nightmare that keeps CISOs up at night and leaves them barely hanging on from day to day.

Here, staying sane means finding a way to bridge the gap between disparate departments and evolving expectations. To make your case, be clear about the costs of lax cybersecurity and talk up the potential benefits of cloud-based collaboration. This is the domain of the new CISO — part encourager, part enforcer, but entirely dedicated to reducing security risk.

5. Prioritize People

Building relationships should remain your top priority. While CISOs are often torn between balancing budgets and managing human resources, these human connections ultimately make or break CISO success.

Budgets fluctuate based on a host of factors, from the previous quarter’s profits to upcoming capital expenses or new investments. The right people, however, form the backbone of reliable security response. By putting relationships first and budget concerns second, CISOs can encourage a culture of loyalty and respect in which various departments work together to solve budget problems.

Sanity Is the Best Strategy

There’s no question that CISOs are under stress, with emerging cybersecurity threats making it harder and harder to stay sane. But it’s possible to keep crazy off your radar. Start with a smart cybersecurity strategy, opt for automation, speak the language of business and bridge the gap by putting people first.
