Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

The Biggest Cybersecurity Mistakes CISOs Might be Making Today

By Eyal Hayardeny
THE CSO, the Enterprise leader
April 17, 2020

As more organizations move to the cloud, the need for airtight security has become paramount. As threats evolve and become more sophisticated, mitigating hacks and malicious attacks has become very difficult. And for many Fortune 1000 CISOs, some still believe that managing their security in-house or on-premise is safer and more cost-effective—when the opposite can very well be true.

In fact, even if a Chief Information Security Officer (CISO) performs 99 percent of their tasks perfectly, there is still plenty of opportunity to make mistakes. That last one percent can ultimately be their downfall. When companies have unpatched vulnerabilities, or incorrect configurations, or other holes in their security tactics (not to mention the "set it and forget it” mentality after deployment)—security management can quickly become a CISO’s nightmare.

This is why it's so important for leaders to consider the following when developing the right security approach for their organizations. 

  • How much time can I give? Managing a security solution takes time and to be the most effective, it must be monitored daily. Even beyond the initial setup, this requires keeping the solution up-to-date, adding new rules and ACLs, and continually monitoring for new threats. The person in charge of this is usually the CISO, but it’s easy for this to quickly fall off as the number one priority. Perhaps someone else (who can be fully dedicated) should be chosen instead. Of all areas of responsibility, cybersecurity is one that has zero tolerance for error. Anything less than perfect performance, 24/7/365, can eventually be catastrophic.
  • Can my team manage our security solutions effectively? Administering security solutions can be tedious, time-consuming, and error-prone. Most solution providers offer some sort of management service that will handle a solution for you. In effect, this increases the size of your team. You get additional team members, who are experts in cybersecurity, fighting off malicious elements on the web. This saves you time (because your team doesn’t have to administer the solution anymore), and it gives you better results (since the administration is done by experts). In an era of ever-more-complicated security products and evolving hacks, this can be a real game changer in remaining safe.
  • Am I incurring unnecessary costs? While many executives believe that spending a lot of money on a high-powered security solution equals good protection, the most expensive solutions are not always the best. Most importantly, even the best solutions cannot always deliver if they are not managed properly. It’s important to evaluate your solutions and assess their effectiveness, their cost, and whether they are being managed well.
  • Am I up to date on the current landscape? Organizations need to stay one step ahead of threat actors. Since they’re always improving their ‘game,’ this means CISOs need to do the same, and keep up to date on the ever-changing landscape. Unfortunately, many try to do the bare minimum, and think they’ll stay safe. However, whether you are the CISO of a Fortune 1000 company or the owner of a small eCommerce website, the “it will not happen to me” approach can be disastrous. The question is not “will it happen?” but “when will it happen?” – meaning security leaders need to educate themselves on newly-discovered vulnerabilities, the latest threats and even possible weaknesses in current security solutions. Too many CISOs aren’t aware of what can directly impact them–and that just a few hours spent per week reading up on news and relevant blogs, going to events and talking to people in the cybersecurity industry can mitigate issues down the road.
  • Am I using the best approach? If your organization is still using on-premise web security, perhaps it’s time to consider an alternative. Cloud-based web security has become a mature industry. It has many advantages over the traditional on-premise approach, and solves the frequent issues discussed above – including cost, effectiveness and remote management.

 

In 2020 and beyond, organizations will continue to fight hackers, online extortionists, state-sponsored attackers, and other threats. It’s more important to determine the right strategy and keep your organization safe and secure. With no one-size-fits-all approach, it’s key that CISOs and security leaders consider their solutions, know when to leverage external resources, and keep strengthening their defenses against ever-growing malicious threats. 

KEYWORDS: Chief Information Security Officer (CISO) cyber security data breach risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Eyal Hayardeny is Co-founder and CEO of Reblaze. Prior to Reblaze, Eyal was the President and CEO of Shamir Optical Industry, a dual-listed company traded on the Tel Aviv Stock Exchange and the Nasdaq Stock Exchange. Mr. Hayardeny is also a board member of Mercantile Discount Bank Ltd., and is the owner and chairman of Lardan Group, which holds several companies in different fields. Mr. Hayardeny holds an MBA degree and a BA degree in Economics and Accounting from Bar Ilan University.

 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0918-edu-feature-slide1_900px

    The Biggest Email Security Challenge Facing Organizations Today

    See More
  • Top 3 Misconceptions About Data After Death - Security Magazine

    How organizations can avoid today’s biggest SaaS data security issues

    See More
  • security data freepik

    People continue to be the most critical factor in today’s cyberattacks

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing