Light Dark
February 5, 2015 By Rick M Robinson 2 min read
CISO

As hacking attacks escalate, demanding media attention and costing businesses hundreds of millions of dollars, organizations are fighting back. Above all, they are learning to treat information security not just as a technical problem, but an ongoing challenge that extends across the enterprise.

Chief information security officers (CISOs) are emerging as the crucial players in the evolving understanding of security. Indeed, when the history of information security in the 21st century is written, the current era may well be recorded as the decade of the CISO.

The CISO and Growing External Threats

The changing role of information security in the enterprise is being driven by business leaders’ recognition of a rapidly evolving threat.

For the past three years, IBM has published its annual Chief Information Security Officer Assessment, which tracks CISOs’ perceptions of threats and how their organizations are responding. The most recent survey shows how external threats (hacking attacks) have pulled away and taken the lead from other security concerns.

The most recent high-profile attack on Sony Pictures Entertainment exemplifies the scope of this external threat. Risks are not confined to the most obvious potential victims, such as retailers, who must protect millions of customer account records. Any and all intellectual property is at risk of being compromised. The attackers may be motivated by financial gain, including extortion by threat of data destruction. Their motives can also extend to political causes or be sponsored by state intelligence agencies.

Security as a Policy Issue

Such ruthless and sophisticated attackers pose an existential threat to the enterprise. In response, as Brian Engle and Renee Guttman report at CSO Online, CISOs are being asked to provide technical knowledge and policy guidance. According to the National Association for Corporate Directors, “Cybersecurity is an enterprise-wide risk management issue, not just an IT issue.”

Engle and Guttman identify three key issues that enterprise leaders should consider in their security planning. They need to consider CISO access to top decision-makers and the overall governance of the security policy. They must also focus on training the next generation of security leaders, with emphasis on engaging board members and other key stakeholders.

Finally, while security breaches are driving headlines, enterprises cannot let headlines drive their security policies. Security must be proactive, not reactive to the most recent crisis.

Information security threats will continue to evolve, and the role of the CISO will evolve along with them. By bringing the CISO into the strategic discussion, enterprise leaders can keep their security framework pointing forward.

Download the IBM Report: Cybersecurity perspectives from the boardroom and C-suite

 |  |  | 
Rick M Robinson

More from CISO
October 27, 2023

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature