This issue of CISO Corner provides a comprehensive look at the current landscape of cybersecurity, with articles and insights tailored specifically to security operations readers and security leaders.
One article by Jai Vijayan, a Dark Reading Contributing Writer, focuses on the struggle for C-suite status among Chief Information Security Officers (CISOs). According to an IANS survey, CISOs are increasingly being asked to take on the responsibilities of C-suite roles without being recognized or treated as such. The survey found that a full 75% of CISOs are looking for a job change because of changing expectations and demands for accountability for security breaches. Despite this, only 20% of CISOs have reached the C-suite level, and in organizations with revenues of more than $1 billion, that number drops to 15%. This underlines the dissatisfaction among CISOs with the current organizational structure.
Another article by Robert Lemos, a Dark Reading Contributing Writer, discusses the rise in cyber-insurance premiums driven by increasing cyber attacks. Premium costs fell by 6% in the third quarter of 2023 compared to the same quarter in 2022. However, with ransomware and privacy-related claims already skyrocketing, insurers have doubled premiums to offset losses. The cyber-insurance industry is growing, with the value of direct written premiums increasing by 62% year-over-year. Even so, some predict a rise in premium costs in the next 12-18 months, signaling the potential for another round of increases.
In a commentary, Arye Zacks, a Senior Technical Researcher at Adaptive Shield, criticizes the Essential Eight Maturity Model, established by the Australian government for cybersecurity risk management, for failing to address key factors needed to protect today’s cloud and SaaS environments. The document, established in 2010, has not kept up with the pace of digital transformation and is missing four key cloud-centric security directives: configuration management, identity security, third-party app integration management, and resource control. Zacks emphasizes the need for modern businesses to update their cybersecurity frameworks to cover these omissions.
A commentary by Ira Winkler, Field CISO & Vice President at CYE, discusses the limitations of historical budget constraints on cybersecurity programs. Winkler points out that the current security budget is often based on the previous year’s budget, which itself is based on prior budgets, resulting in a limiting cycle. He emphasizes the need to revisit budget allocations with future needs in mind, rather than being constrained by historical precedent.
Another article by Fahmida Y. Rashid, Managing Editor at Dark Reading, highlights the challenge of securing AI/ML tools and applications. As organizations increasingly incorporate artificial intelligence (AI) capabilities and tools that facilitate working with machine learning (ML) models, security teams are faced with new software supply chain headaches. With inadequate visibility into these tools, organizations are unable to manage them or protect the data being used. Rashid emphasizes the importance of locating and securing these AI/ML tools in order to effectively manage the associated risks.
Stephen Lawton, a Dark Reading Contributing Writer, delves into the changing regulatory and enforcement environment for CISOs in 2024. As a result of the personal and legal responsibility for data breaches placed on CISOs by the SEC, CISOs must shift their priorities to address these changes. Changes in cyber insurance will also impact cyber risk management, with expectations of tightened regulations on how organizations implement security on private data and privileged accounts. Lawton provides insights on how forward-thinking visionaries are approaching breach risk and emerging supply chain threats.
Lastly, Robert Lemos, a Dark Reading Contributing Writer, discusses the guidance provided by the US Cybersecurity and Infrastructure Security Agency (CISA) for water and wastewater utilities to improve their response to cyber attacks. With an increasing number of attacks targeting critical infrastructure, the guidance offers detailed advice for creating an effective incident response playbook, taking into account the sector’s unique challenges.
Overall, this issue of CISO Corner offers a comprehensive overview of the current cybersecurity landscape, providing valuable insights and guidance for security operations readers and security leaders to navigate the evolving challenges in the field.