The Biggest Cybersecurity Mistakes CISOs Might be Making Today
As more organizations move to the cloud, the need for airtight security has become paramount. As threats evolve and become more sophisticated, mitigating hacks and malicious attacks has become very difficult. And for many Fortune 1000 CISOs, some still believe that managing their security in-house or on-premise is safer and more cost-effective—when the opposite can very well be true.
In fact, even if a Chief Information Security Officer (CISO) performs 99 percent of their tasks perfectly, there is still plenty of opportunity to make mistakes. That last one percent can ultimately be their downfall. When companies have unpatched vulnerabilities, or incorrect configurations, or other holes in their security tactics (not to mention the "set it and forget it” mentality after deployment)—security management can quickly become a CISO’s nightmare.
This is why it's so important for leaders to consider the following when developing the right security approach for their organizations.
- How much time can I give? Managing a security solution takes time and to be the most effective, it must be monitored daily. Even beyond the initial setup, this requires keeping the solution up-to-date, adding new rules and ACLs, and continually monitoring for new threats. The person in charge of this is usually the CISO, but it’s easy for this to quickly fall off as the number one priority. Perhaps someone else (who can be fully dedicated) should be chosen instead. Of all areas of responsibility, cybersecurity is one that has zero tolerance for error. Anything less than perfect performance, 24/7/365, can eventually be catastrophic.
- Can my team manage our security solutions effectively? Administering security solutions can be tedious, time-consuming, and error-prone. Most solution providers offer some sort of management service that will handle a solution for you. In effect, this increases the size of your team. You get additional team members, who are experts in cybersecurity, fighting off malicious elements on the web. This saves you time (because your team doesn’t have to administer the solution anymore), and it gives you better results (since the administration is done by experts). In an era of ever-more-complicated security products and evolving hacks, this can be a real game changer in remaining safe.
- Am I incurring unnecessary costs? While many executives believe that spending a lot of money on a high-powered security solution equals good protection, the most expensive solutions are not always the best. Most importantly, even the best solutions cannot always deliver if they are not managed properly. It’s important to evaluate your solutions and assess their effectiveness, their cost, and whether they are being managed well.
- Am I up to date on the current landscape? Organizations need to stay one step ahead of threat actors. Since they’re always improving their ‘game,’ this means CISOs need to do the same, and keep up to date on the ever-changing landscape. Unfortunately, many try to do the bare minimum, and think they’ll stay safe. However, whether you are the CISO of a Fortune 1000 company or the owner of a small eCommerce website, the “it will not happen to me” approach can be disastrous. The question is not “will it happen?” but “when will it happen?” – meaning security leaders need to educate themselves on newly-discovered vulnerabilities, the latest threats and even possible weaknesses in current security solutions. Too many CISOs aren’t aware of what can directly impact them–and that just a few hours spent per week reading up on news and relevant blogs, going to events and talking to people in the cybersecurity industry can mitigate issues down the road.
- Am I using the best approach? If your organization is still using on-premise web security, perhaps it’s time to consider an alternative. Cloud-based web security has become a mature industry. It has many advantages over the traditional on-premise approach, and solves the frequent issues discussed above – including cost, effectiveness and remote management.
In 2020 and beyond, organizations will continue to fight hackers, online extortionists, state-sponsored attackers, and other threats. It’s more important to determine the right strategy and keep your organization safe and secure. With no one-size-fits-all approach, it’s key that CISOs and security leaders consider their solutions, know when to leverage external resources, and keep strengthening their defenses against ever-growing malicious threats.