What is a constant? In mathematics and physics a constant is a value that never changes. A sum or condition that exists across all other permutations of variables. In the Information Technology industry, constant is the most accurate way to describe security threats facing businesses around the world. Every day, twenty-four seven, security threats originate from a variety of groups ranging from those committed to straightforward but complicated fraud to State actors involved in the digital version of classic espionage. Citing Verizon’s 2016 Breech Report, CIO relays that “The number of phishing email messages that were opened hit 30 percent in this year, up from 23 percent last year, according to Verizon’s 2016 breach report. Moreover, the gap between the time to compromise and the time to discovery rose from 62 percent in last year’s report to 84 percent this year.” Regardless of the source of the threats, meeting the challenge of creating strategies that are security and business conscious rests in the hands of the Chief Information Security Officer, or CISO.
Although the modern CISO has a deeply involved function in security, they must also be proficient in understanding how business works in their given industry and effectively communicate with people who may lack their deep technical understanding of cybersecurity but nevertheless must be involved in the processes required for preparing effective security strategies.
From the experts at consultancy WestMonroe, “The CISO advises the executive team on how the organization needs to meet security requirements to do business in their given industry. The CISO oversees a team that together has as a view of the risks facing the enterprise and puts in place the necessary security technologies and processes to minimize the risks to the organization. She is empowered to communicate risks to decisions makers and take action independently when necessary. She also advocates for investment and resources to ensure security practices are given appropriate attention.”
Measured from a risk standpoint, the role of the CISO seems absolutely critical to the function of the business, because security breaches have become more severe, while vulnerability and complexity of the attacks have increased with available technology. Following the trends, security breaches are only a matter of time for many businesses regardless of their size and sophistication.
Choosing the right CISO has become a critical focus of HR managers across businesses. According to Chris Patrick head of Egon Zehnder’s Global CIO Practice “You want someone who can architect a comprehensive security architecture and explain it clearly to the board when called to do so. And you want someone who can coordinate communications among the C-suite, general counsel, media relations and other necessary parties to respond to a cyber incident.”
Good news for those in the CISO industry as Patrick continues “…..with such high demand for security leadership roles, price tags are going up and folks are moving fairly regularly. As a result, it’s also imperative for companies to help themselves by grooming cybersecurity leaders in house. It’s an arm’s race and you’ve got to build capabilities internally as well. You can’t hire your way out of this problem.”
CISO roles are critical to modern businesses across industries regardless of their size or global presence. Constant cyberattacks in an ever evolving digital environment will only increase the need of critical experts who have mastered both security and maneuvering within the modern business environment at the c-suite level. Companies are moving to develop from within because of the competitive nature of hiring competent CISOs, therefore moving from one IT based career into CISO is likely promising.