Cybersixgill Kicks off CISO Roundtables
In February, Cybersixgill held its first CISO roundtable, where cybersecurity and risk executive leaders from the US and Europe gathered to discuss top cybersecurity concerns for 2021. They also discussed the definition of threat intelligence within their organizations and the role threat intel plays within their risk management strategy.
Coming mainly from banking, financial services, insurance and retail industries, participants shared their thoughts about top CISO challenges - from the impact of COVID-19 on innovation and cybersecurity, to the importance of board awareness. The roundtable, moderated by Chris Roberts, Chief Security Strategist at Cynet Security, and in partnership with C-vision international, was split into two sessions with attendees from different industries and geographies who brought unique perspectives and insights into the conversation. Here are the key takeaways:
The pandemic acted as a catalyst for innovation. Enterprises had to adapt - fast. And while the shift to WFH proved that humans can adapt quickly, that agility and innovation took a toll on cybersecurity in the form of an increased attack surface and more human error.
The need for innovation is costing cybersecurity. In many organizations, innovation teams are cutting corners and cybersecurity needs to pick up the slack: “OK, we’ve done this - now can you make it secure?” Pre-COVID, this could somewhat be handled, but now, at the current speed of business, it’s extremely hard. In addition, cyberattacks are developing at high speed, and there’s a lack of visibility into and understanding of their sources. We’re experiencing a shift in priorities as the growing pressure on infrastructure resulting from WFH makes us more vulnerable to attacks. And as with all things moving fast, it boils down mainly to the human factor.
There was a clear consensus among participants that there’s a need for a paradigm shift: embracing automation in order to cope with the increasing number of data points security teams need to digest, and gaining intelligence fidelity, context, and granularity in actionable insights and alerts. Cyber threat intelligence has to be top-of-mind for cybersecurity leaders and executives - not only in their own sectors, but in adjacent sectors as well.
“We’re drowning in metrics,” “We need to simplify” - those words were voiced repeatedly when the subject of board awareness was raised. Boards are interested in supporting the business.
While board members aren’t necessarily fully versed in cybersecurity, they are learning more and more. Attendees testified that boardroom conversations about cyber risk and its impact are becoming more sophisticated. Boards are maturing, learning, and developing, but the messages still need to be delivered in a simplified manner and in business terms.
Most participants were in agreement that boards seem to be moving on from the notion that it’s the job of the CISO to prevent ALL attacks. They are maturing to understand that it’s about detection, prevention, and execution, as well as the arms race. They are realizing the benefit of frameworks and focusing on true governance: “Do we have a playbook that is the perfect response to the inevitable?” Similar to the finance world, they’re also insisting more and more on third-party verification and validation: “Has someone else gone over this?”
Keep it simple, CISO
In essence, all boards want to hear from their CISOs answers to three big questions: “What’s our state of risk? What are we doing to reduce it? How are we ranking or prioritizing activities to reduce risk?”
CISOs need to talk in a language that others understand: “We can’t go in spitting acronyms and other junk and hope they’ll be able to understand it.” They have to contextualize the message and make the board understand it. In other words, less FUD, more focus on business value and progress.
Every CISO needs a champion
Rallying leadership behind cybersecurity is a real challenge. When accomplished, it is almost exhilarating, and it starts with perception. Board members might not have the technological understanding to follow what CISOs are talking about, but the perception CISOs provide - that they’re keeping the company (and thus the board) safe - is what matters most.
While the board might not fully understand cybersecurity, you still have to get the message across, get funding, and keep the company safe - and you as a CISO can’t do this alone. You have to get a champion: maybe a C-level executive who will help you deliver a consistent message. Consistent messaging breeds trust and confidence from the board. The last thing you want to do is create confusion. You have to align with other functions in the organization (innovation, the CIO, etc.) so your message is aligned with all other initiatives, thereby giving the board confidence. Find your champion - this will fundamentally change your interactions and the board’s perception of you, your role, and your performance.
Sharing is a fundamental element of the growth of cybersecurity communities: sharing between organizations, agencies and communities. History shows that only good things come out of it. As practitioners, we should never base our intelligence on one source or one partnership. There was agreement among participants that “personal circles of trust”, CISO to CISO and practitioner to practitioner, are more often than not the fastest way to get the richest data.
Although as a community we still have a way to go, it was a consensus among participants that sharing is improving, and that as the cyber industry matures, sharing will become more instinctive, benefiting everyone in the process.
FireEye received major props across the board for setting the bar in transparency and speed by sharing and disclosing the attack it suffered, to the benefit of everyone else in the industry. A key part of that speed is taking care of potential legal and brand-protection issues. The cybersecurity community needs to push regulators to set a framework for sharing in order to benefit the community. Crafting a framework and a way to share intelligence will benefit organizations, vendors and cyber professionals alike.
Cybersixgill is on a mission to improve, enable and fuel cybersecurity operations, platforms, and people. The February roundtables were the first step in our journey for better intelligence-driven cybersecurity operations across the globe. If you’re a cybersecurity leader, we’d love to have you join our next roundtable and help grow the community.