BreachExchange mailing list archives
The Changing CSO Role: What to Expect in 2015
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 16 Dec 2014 20:37:01 -0700
http://talkincloud.com/cloud-computing/12162014/changing-cso-role-what-expect-2015

The New Year is still a few weeks away, but 2015 is already shaping up to be rough for chief security officers (CSOs). After waves of high-profile attacks against major corporations and governments in 2014, many firms are rightly concerned about their vulnerability.

Unfortunately for CSOs, the usual constraints around funding, available talent and user awareness will stand in the way of the best security intentions. To meet the rising security challenge in 2015, CSOs must evolve within their organization and adapt to the new realities of cybersecurity.

When, not if

It’s an oft-repeated saying that a determined hacker will find a way to bypass any system, given enough time. While deterrence is important, it’s just as critical for firms to conduct regular analyses of their cyberattack preparedness. As many recent attacks have shown, few of the targeted organizations were primed for the possibility that their systems could be breached. In one instance, retailer Jewel-Osco suffered two data breaches within a six week span.

Siloing important data in hopes of mitigating a cyberattack's effects is unwise, but CSOs do need to understand what information could be accessed in the event of an attack. Sensitive customer data is a top concern, but it’s not the only information that (if leaked) can negatively impact brand reputation or trigger a host of data breach disclosure regulations. Sony’s recent email leak has led to public humiliation, as everything from unflattering comments about Hollywood’s finest to corporate politics have been splattered across the Internet.

Adaptive learning

Even as budgets for new IT projects, and especially security tools, remain tight, they represent a key component of an organization’s overall risk-management strategy. Security appliances like Intrusion Detection and Prevention Systems (IDPS) not only offer enhanced protection, but can help predict the techniques that intruders may use in the future. For organizations unable to absorb the expense of an IDPS, a honeypot can still offer valuable insight into a firm’s IT weaknesses.

CSOs should actively learn from their failures in order to prevent repeated breaches. Data breach post-mortems are a necessity; firms must be sure to identify other aspects of their systems that may remain vulnerable to a similar attack. CSOs must also take the big-picture view of each data breach: was a data breach linked to an isolated incident, or does it signal deeper, systemic issues?

Preparing for 2015

Cybersecurity will remain a virtual arms race for the foreseeable future, but there are steps CSOs can take to reduce the likelihood of a data breach, and mitigate fallout in the event of one. It's probable that next year will be filled with as many data breaches as 2014, but a prepared CSO can help protect their organization from the inside out.