What top strategic priorities for CISOs in 2022?

In a context where the flow of cyber threats continues to grow, the role of cybersecurity manager is today one of the most exposed in the company. Attackers put organizations under pressure with daily cyberattacks, more or less stealthy and targeted, using all the potential vulnerabilities of organizations (vulnerabilities of systems, hybrid work, cloud, user-related, etc.) . But in addition to managing their day-to-day, CISOs need to look beyond and take into consideration the major trends that could impact their longer-term security programs. Here are the Top 6 priorities for CISOs this year…

The auditing and consultancy firm KPMG has published a report detailing several factors that should be considered as a priority; many of these factors apply equally to SMEs and large enterprises. These elements can be of great help to CISOs to better prepare for cyberattacks. Let’s take the time to analyze these main factors.

1- Broaden the strategic dialogue surrounding security

Securing critical resources, systems, and sensitive corporate and customer data is no longer a problem that concerns only security and IT professionals. Risk management and mitigation aimed at fostering the strategic viability and operational sustainability of the organization should be a shared responsibility.

Business leaders are now aware of the importance of cyber risk management. A successful strategy begins at the board and senior management level.

Outsourcing strategic decision-making and risk management, in particular the risks inherent in digital transformation, is no longer enough. Modern security tools have their limits in terms of reducing risk when business objectives do not include the integration of a robust security framework.

To better align cybersecurity with organizations’ strategic business goals, CISOs and their teams need to help their company’s senior executives become fully aware of what is by definition security and privacy.

2- Adapt security to the cloud

As the report points out, cybersecurity and cloud security are increasingly intertwining. All the principles that apply to on-premises security – data protection, identity and access management, infrastructure and vulnerability management – ​​are also applicable to the cloud.

What differs, KPMG explains, is the technology. The tools have changed with the widespread adoption of the cloud. The cloud environment implies an increased reliance on automationwhich is required for many steps, from deployment to monitoring to remediation.

CISOs and their teams should work with their business partners and vendors to ensure everyone understands cloud-specific security requirements and work with cloud providers to avoid misconfigurations, which are often the source of vulnerabilities exploited by attackers.

3- Put identity at the center of your cyber strategy with the “Zero Trust” approach

With the considerable increase in teleworking and the use of e-commerce, due to the pandemic, the protection of sensitive data has never been so complex. Organizations should consider adopting a zero trust mindset and architecture – placing identity and access management (IAM) at the heart of their strategy.

Current IAM modelsoriginally created to manage digital identities and user access within separate organizations, are now redesigned to provide an adequate level of resiliency and provide mission-critical authentication capabilities suitable for federated, private, public, or multi-cloud environments, the report states.

As an automated approach that can help eliminate costly manual processes, reduce the attack surface, and establish cybersecurity policies and principles, the Zero Trust security model is increasingly seen as a viable approach.

4- Take advantage of security automation

Some of the major benefits potentially offered by automation come to light when the focus is on implementations designed to help solve business problems, the report says. For example: valuing human resources through more efficient orchestration of ordinary tasks; secure a competitive advantage in areas where speed is important; and analyze large, often unstructured datasets.

As the threat landscape continues to expand and grow in complexity, and the shortage of cybersecurity talent continues to worsen, companies will increasingly rely on automated security processes. They will thus be able to free up resources by automating certain security functions, in particular those related to routine and repetitive tasks.

Tasks that were once handled by highly skilled professionals, such as vulnerability scanning, log analysis, and compliance can be standardized and performed automatically, reducing detection times and incident response and provide scalability.

5- Secure beyond the limits

Companies are looking to digitally transform their operations, and that means adopting a data-centric approach, whereby data is regularly shared across a connected ecosystem of partners.

This presents cybercriminals with many opportunities to compromise systems and data, and CISOs need to secure their own organizations while encouraging the strengthening of cybersecurity across its entire value chain (supply chain).

According to the report, companies should properly assess the organizational security policies of potential vendors as well as the security built into the products and services they will access. This requires remarkable diligence on the part of each ecosystem partner. CISOs face the difficult task of shifting to a proactive approach that places continuous monitoring, use of AI-powered tools, threat intelligence, and Zero Trust at the core of their ecosystem’s security model .

6- Reframe conversion around cyber-resilience

Many companies have already largely integrated digital; they must therefore assess their ability to recover from the potential effects of a major cybersecurity incident. The report encourages CISOs and their teams to initiate a dialogue with leaders that will determine whether the organization can absorb or recover from a cyberattack within days.

Companies should assess their ability to maintain operations in the event that an incident continues for several weeks. They need to ask questions as ” How prepared is the company to be out of business for four to six weeks due to a cyberattack? », « How would an outage affect customer service? “What would a disruption mean for call and distribution centers? », « How would a disruption affect the regulatory and legal requirements to which the business is subject? “, etc.

Resilience goes hand-in-hand with an assessment of key business business processes and requires a strategy to protect them “, concludes the report. ” Given the current market reality, most businesses will sooner or later face a major cybersecurity event. In this context, keeping in mind the changing mindset of security professionals, many CISOs place equal emphasis on reducing the likelihood of a cybersecurity event occurring and managing the consequences of such an event. »
___________________

By Laurent TomboisCountry Manager France and French-speaking Africa of Bitdefender


Also read:

> The 7 main cyber risks of 2022 according to Gartner

> 4 main priorities for network infrastructure and security managers in 2022.

> Cyber-resilience 2022: where are we?

> What future for cybersecurity in 2022?

> Cybersecurity in 2021: an eventful year for CISOs.

> Keeping its IT equipment up to date: a real challenge for CISOs…

We want to thank the writer of this write-up for this outstanding material

What top strategic priorities for CISOs in 2022?


Explore our social media profiles and also other pages related to themhttps://www.ai-magazine.com/related-pages/