IN THE NEWS
3 areas in which CISOs are becoming more proactive
March 14, 2018
I’ve spent a good amount of time speaking with CISOs over the past month and plan to write up a report about what I’m learning sometime after the RSA Security Conference. In the meantime, it’s become crystal clear to me that CISOs are becoming more and more proactive in their jobs in a few areas, including the following:
In the distant past, most organizations really didn’t believe they were potential targets for cyber attacks. Yes, CISOs were responsible for building adequate defenses, but this job was seen as a purely technical endeavor. At that time, hackers were hackers — outside of Ft. Mead, few cybersecurity pros distinguished between cyber criminals and state-sponsored actors.
This attitude changed over the past few years as executives witnessed an increasing number of publicly-disclosed data breaches. When data breaches occurred, CEOs quickly phoned up the CISO to ask what happened and whether their organization was at risk.
More recently, CISOs have taken risk oversight to the next level by actively monitoring threat intelligence to better understand cyber adversaries and their tactics, techniques, and procedures (TTPs).