Why cybersecurity needs thinkers and doers

By Fortinet

Here are three key attributes of an effective Chief Information Security Officer (CISO), according to cybersecurity company Fortinet.

A stunning 96% of businesses have experienced one severe cyber exploit in the United States, according to the Fortinet 2018 Threat Landscape Report.

Clearly, almost every organisation is susceptible to cyberattacks. Another study by IBM has found the average cost of a single data breach to be 3.86 million USD, up from the previous year’s figure.

It’s no surprise, then, that organisations are placing increasing emphasis on securing their digital fronts. The people with the know-how to do that job are in high demand.

Enter the CISO

As threats to business security rise and cyber crime grows in sophistication, the task of building and implementing cybersecurity strategies is entrusted to the Chief Information Security Officer (CISO). Whether it is developing security frameworks, conducting investigations, or detecting compromises as they happen, a CISO must prioritise available resources to keep an organisation secure and protect its reputation.

This, of course, includes keeping up with the constant evolution of cyber crime, and equipping employees with the relevant skills. Now more than ever, the work of CISOs is expanding to become increasingly enmeshed with every aspect of operations, from management to business goals.

The greater the extent of an organisation’s digitisation, the greater its vulnerability to cyberattack. Keeping the primary objective of safeguarding organisations at heart, CISOs can still facilitate digital transformation by shaping current systems.

Base it on data

For one, according to a study published by Fortinet, building decision-making on quantitative risk analysis — rather than leaning on subjective judgment — makes for a more effective CISO.

Experts at McKinsey & Company advise that cybersecurity be integrated into the business value chain and treated as a fundamental characteristic of product design, down to the smallest device in a network. Wherever customers and business partners connect, sensitive data changes hands and demands protection, with no room for cracks in the system.

Lastly, no system can remain stagnant. CISOs need to build cybersecurity models that are easily adaptable in the face of rapidly shifting digital transformation.

Staff up

In companies seeking digital transformation, growing concern for cybersecurity also means taking on more staff for cybersecurity teams. The task of cultivating a strong security infrastructure begins right from the onboarding for new team members.

Providing a solid fundamental onboarding programme is clearly effective — employees who participate in such programmes have been shown to be 69% more likely to stay for at least three years.

However, relying on general ‘macro-onboarding’ isn’t enough, as a recent CISO Hiring Guide released by Fortinet advises. For CISOs, a clearly laid-out process of role-specific ‘micro-onboarding’ is crucial not just for retaining valuable employees, but for mitigating the security risks involved as well. New hires should be equipped with a baseline understanding of the role they are stepping into: this includes the existing IT infrastructure, current tools that are in place, and the threat climate surrounding the organisation.

Relationships first

CISOs must also consider the roles and relationships that come into play in everyday duties. According to Fortinet’s CISO Hiring Guide, by adopting a proactive and long-term view of onboarding, CISOs set their teams up for success.

Security is about people as much as it is about systems. It would be unwise to rely on one individual to shoulder the leadership of a national military without support, says The CISO Collective. So it is with CISOs — in the never-ending arms race of cyber crime and security, protecting an organisation from the inside out is no easy undertaking, and it is not one to be done alone.

When cybersecurity is made a team effort, everyone benefits. CISOs get respite from the uphill battle of improving security infrastructure, team members (or deputy CISOs) contribute valuable input, and organisations rest secure.

It might seem counterintuitive to focus so much on training and leadership, not tech. But in the end, computers don’t hack us, people do.

Fortinet is at GovWare booth #D02 on 1-3 October 2019.

GovWare is the region’s most established premier conference and showcase for cybersecurity, and is the cornerstone event of Singapore International Cyber Week. GovWare 2019 is taking place from 1 – 3 October at Suntec Singapore Convention & Exhibition Centre.