3 cybersecurity challenges keeping CISOs up at night

The main challenges facing Chief Information Security Officers (CISOs) include identity management, data inventory and the complexity of the cybersecurity landscape.

Analysis from Veridium and TAG Cyber determined what keeps CISOs up at night in 2022, chronicling the latest cybersecurity threats facing businesses today.

Security challenge 1: Identity

A major root cause of nearly every major cyber breach observed over the past few years has been an insufficient set of controls related to identity.

The traditional method of issuing user IDs and passwords has been shown to create environments rich in account takeover and fraud. Instead, CISOs who support online user engagement have had to create programs that analyze user behaviors, develop advanced verification methods, and do so consistent with regulatory and compliance objectives.

Another aspect of the identity challenge is the internal friction that slows business processes and adds complexity to routine employee tasks and responsibilities. One such example is the continuing reliance in the banking sector for branch floor personnel to carry physical identity tokens. Replacement of lost tokens and trips home to retrieve forgotten ones are routine. Other sectors present similar problems around physical identity schemes.

Security challenge 2: Inventory

A second major issue for CISOs that not only keeps them up at night, but also causes considerable tossing and turning for IT operations executives involves inventory. This includes both an inventory of assets such as devices and endpoints, as well as data. While it would seem so obvious that inventory must be properly managed as a foundation for all security controls, it tends to be neglected by most enterprise teams.

The most common issue that emerges with respect to inventory involves data sprawl. An organization might have started one or more decades ago with a reasonably manageable inventory. But growth of data creation, minimal data removal, corporate actions (such as mergers), third-party data creation, explosion of app usage, and expansion to cloud and Software as a Service (SaaS) have all contributed to inventory sprawl.

Security challenge 3: Complexity

A third and perhaps the most important challenge that keeps CISOs up at night these years involves complexity. This refers to the difficulty any person or group has in understanding the IT infrastructure, security systems and business processes of an organization. Every CISO knows that complexity in these areas always implies insecurity — and, in recent years, complexities have abounded.

A reasonable test for the level of complexity in an organization involves the simple question of whether a security team has schematics for the network infrastructure, deployed systems and applications, and all stored data (obviously related to the inventory problem managed above). If a CISO does not have diagrams of how the enterprise network has been arranged, then things are simply too complicated.

For more information on these security challenges, click here.

Dr. Edward Amoroso is Chief Executive Officer of TAG Cyber LLC. He recently retired from AT&T after 31 years of service. Founded in 2016 by Dr. Amoroso, TAG Cyber provides research and advisory services to hundreds of enterprise and government customers around the world, as well as democratized support for commercial cybersecurity vendors.