As this year comes to a close it is clear the cyber threat environment continued to evolve and remains a formidable challenge to every CSO and CISO. Few people with an inside view of CSOs and CISOs operating environment would argue that their world is increasing in scope and complexity at a high rate. This increase is being driven by a number of factors. A general review of this topic resulted in several common drivers of complexity in the cybersecurity domain. Here is a list of five of the more common complexity drivers.
Common Complexity Drivers
- Regulations and internal rules
- New and emerging technologies
- Developing solutions to the current problem set
- Human resource challenges, including recruiting & continuing education
- The ever increasing number of threats particularly sophisticated threats
These are five of the many drivers of complexity in today’s cybersecurity environment. Looking at what the industry analysts are projecting, the complexity of an organization’s technology environment will continue to increase for the foreseeable future. There are way too many drivers of contributing to the dramatic increase in complexity in the cybersecurity environment to list. Some are very industry specific. While not mentioned frequently, I believe the increased involvement of the Board of Directors in cybersecurity issues is contributing to the overall stress of the job. After all, some board members do not understand many aspects of technology and the operational challenges of the growing threats we face in the cybersecurity environment.
FACT: Maintaining a properly sized workforce and continuously updating their skill sets is a growing problem particularly in the cybersecurity area due to a shortage of some skill sets. This will continue to be a problem in the near term.
It is clear that this challenging environment is taking its toll on most if not all of those involved in cybersecurity. ver heard of technology fatigue? Note: a short time ago CSOs and CISOs issues were identified and termed alert fatigue. While that is true, it is only one of the many factors that is currently driving the fatigue factor. While it is still an issue, other factors should be considered that may be more significant. In the 25+ years I have been involved in technology, I have never seen so many emerging technologies coming into play at the same time. Usually we see one, maybe on rare occasion two, but never before have we seen the number that appear to be on the threshold of moving into the accelerated adoption and advancement stage of their evolution – some put the number at 10. Things will change given the impact all those new and emerging technologies are bound to have on organizations. That will likely increase the workload of nearly every CSO and CISO.
INSIGHT: It is important to remember the digital transition has just begun and that will bring with it new challenges, issues and opportunities that will impact CSOs and CISOs.
The criticality of the CSO’s and CISO’s role has never been as important as it is today. All of this can lead to a number of issues, including slow or otherwise impaired decision making, chronic lateness, snappiness and irritability, as well as questionable judgement. Left unaddressed this is likely to lead to mistakes, burn-out and increased turnover and that is something organizations can’t afford!
Given the likelihood that 2017 will be another record year for new strains of malicious software, notable cyberattacks and data breaches and the growth of insider threats, the cybersecurity environment will get much worse before it gets better. CSOs and CISO should take action now and become proactive to the extent possible. If a close confidant or thought partner seen you exhibit any of the traits listed above, ask them to pull you aside and tell you! You do not want to exhibit any of those traits – it could be very detrimental to your career.