Generally, the chief information security officer (CISO) is thought of as the top executive responsible for information security within organizations. However, in today’s remote work environment, the need to expand security beyond one department or the responsibilities of CISOs is more important than ever. Due to the pandemic, the physical barriers of the office have been removed and the threat surface has exponentially expanded, leaving more endpoints to be attacked. In this scenario, each employee’s home office has become a new potential risk, which is why building a strong security culture within organizations should be a priority.
Eighty percent of companies say that an increased cybersecurity risk caused by human factors has posed a challenge during the COVID-19 pandemic, particularly in times of heightened stress. This is according to Cyberchology: The Human Element, a new report that explores the role employees and their personality play in keeping organisations safe from cyber threats. Including that:
A CEO will last 8.4 years in the position, while a CFO clocks in at 6.2 years in average length of tenure. But a look around the boardroom will tell you that longevity isn’t in the cards for overworked, overwhelmed CISOs, with most only spending an average of two years in the role before calling it quits. This trend is no coincidence - CISOs are at the top of the list for burnout, especially this year, as organizations accelerated digital transformation nearly overnight and employees continue to work remotely.
The British Interactive Media Association (BIMA) recently revealed that tech workers are five times more likely to suffer from a mental health problem than the wider population.
Nominet’s latest CISO Stress Report has also revealed that almost nine in ten (88%) chief information security officers (CISOs) consider themselves under moderate to high stress levels. The same report revealed that CISOs lose on average $35 000 a year in unpaid overtime, while increased stress levels have resulted in a 26-month tenure on average.
Companies need to tangibly improve employee well-being, particularly when it comes to their security professionals. Here are three measures security leaders can incorporate into their organization now, before employees hit a breaking point.
To ensure the deployment of enterprise-class registrars and additional best practices, organizations need to establish what we can call a “Domain Security Council.” Through such a council, CISOs collaborate with corporate C-suite members to identify, implement and continuously monitor/improve upon domain security policies and procedures.
Digital Guardian announced Tim Bandos will become Chief Information Security Officer (CISO). Bandos will bring more than 15 years of experience to the position including his five years as VP of Cybersecurity at Digital Guardian. Prior to joining Digital Guardian, Bandos was Director of Cybersecurity for Dupont where he was responsible for overseeing internal controls, incident response and threat intelligence.
Why are CISOs constrained from delivering metrics at scale and why is producing good security metrics so difficult? Here, find out what the five stages of security metrics maturity are, and how you can achieve a mature security metrics program.
Survey finds CISOs highly interested in automation to address major concerns about doing more with less, preparing for audits remotely and speeding evidence collection
September 18, 2020
Shujinko announced the results of a survey of North American CISOs documenting the challenges facing security and compliance professionals preparing for a wave of upcoming audits. The survey, a joint effort between Shujinko and Pulse, found that calendars for security and compliance audits are largely unchanged despite COVID-19, yet the pandemic is straining teams as they work remotely.