
Who’s Responsible For Cyber Security?


Modern society is moving towards an increasingly digital world at a rapid speed. Humanity will change more in the next 20 years than in the previous 300 years, and this exponential growth will create a cybersecurity workforce gap. This exposes us to all kinds of digital cyber risks. For organisations to remain secure, the need for more cybersecurity talent than we currently have is more urgent than ever.

In this blog post, I will be delving into three key components of cyber security:

  1. Cyber risk assessment and talent gap
  2. The traits of security professionals
  3. Roles and responsibilities of the CISO

1. Cyber Risk Assessment and Talent Gap

According to McAfee, cyber-attacks are currently the 4th most significant risk to human life in the world. This is even more alarming considering that the top 3 are natural phenomena.

Furthermore, there are eight new threat samples found every second. Can you imagine the huge impact they would have on our digital world?

At the moment, most job opportunities lie in the area of security operations. A large share of these roles remains unfilled, especially when Asia-Pacific’s cybersecurity workforce gap is predicted to hit 2.14m.

At C-level, there is still a disconcerting apathy towards cybersecurity.

2. The Traits of Security Professionals

Believe it or not, being a gamer or gaming as a hobby actually helps you become a successful cybersecurity professional. Research has found that gamers have a 78% chance of becoming successful cybersecurity professionals.

Here are some desirable traits:

  1. Be (think like) a gamer
  2. Be a nice human being (you might be a “superstar” but that doesn’t mean you need to act like one)
  3. Inquisitive
  4. Logical and Analytical
  5. Creative
  6. Fast learner
  7. Passionate

3. Roles and Responsibilities of the CISO

The Chief Information Security Officer (CISO) is an emerging role in IT.

The CISO is the senior-level executive within an organisation responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

A typical CISO should hold non-technical certifications (like CISSP & CISM), although a CISO coming from technical roles might have expanded his or her skillset in C-Level areas.

In addition, experience or specialised training in other areas can also help the CISO, such as Project Management to manage the Information Security Program, Financial (e.g. holding an accredited MBA) to manage InfoSec budgets, and Soft-Skills to direct heterogeneous teams of Information Security Managers, Directors of Information Security, Security Analysts, Security Engineers, and Technology Risk Managers roles in major corporations and organisations.

The CISO acts as a bridge between C-Level and the technical team. They must develop the competency to confidently explain technical risks and their impact on the business, and to persuade the business to act on them. For instance: “This risk (i.e. cross-site scripting) will potentially result in a loss of 60 million dollars for the organisation.”

It is crucial as a CISO to not only have an understanding of business, but also the ability to influence board members in order to solve company-level problems and address cybersecurity risks.

With careful planning and design that aligns with business impact, technology can help you solve a problem. Any ambitious project without a vision tends to fail.

Since 2017, there has been a steady increase in financial losses due to cyber attacks. In 2018 alone, the FBI IC3 received a total of 351,936 complaints with losses exceeding $2.7 billion. This is alarming and truly a cause for concern, and reinforces the need for all businesses to take cyber risks very seriously.

Typically, the CISO’s influence should be felt across the entire organisation. Responsibilities may include, but are not limited to:

  • Computer emergency response team/computer security incident response team
  • Cybersecurity
  • Disaster recovery and business continuity management
  • Identity and access management
  • Information privacy
  • Information regulatory compliance (e.g. Europe’s GDPR)
  • Information risk management
  • Information security and information assurance
  • Information security operations center (ISOC)
  • Information technology controls for financial and other systems
  • IT investigations, digital forensics, eDiscovery

Apart from their responsibilities, some essential qualities that a CISO should possess include:

  • The art of storytelling

Craft engaging stories instead of using technical jargon, which is often difficult for business people to understand.

  • Navigating the CXOs

You need to have as many advocates as possible to sustain your influence, especially at C-Level.

  • Understanding the environment

Knowing your environment is important so that you can achieve your goals.

  • Personal accountability

With great power comes great responsibility. You must take ownership of everything that happens in the organisation regarding security.

  • Dealing with intelligence

Instead of waiting for things to happen, you should drive preventive action by finding all types of security issues before anyone else. A combined Red Team and Blue Team approach can help with this.

The cybersecurity landscape is undergoing dramatic shifts where you will be challenged by the greatest minds (hackers). However, you will have the opportunity to make the digital world more secure, and that itself is a journey worth taking.