The Top CISO Stories From Around the Web: February
From CISOs’ struggles with a new role that comes with C-suite status to “10 Security Metrics Categories CISOs Should Present to the Board,” from a new book for CISOs by CISOs, there were plenty of news stories this month that highlighted the most pressing issues CISOs are facing. Here are the top 5 CISO news stories that emerged this February:
1. “10 Security Metrics Categories CISOs Should Present to the Board”
Source: Dark Reading
This story lists ten metric categories that Homaira Akbari, CEO of global advisory firm AKnowledge Partners, and Shamla Naidoo, head of cloud strategy for Netskope, discussed in their book, The Cyber Savvy Boardroom. Metrics, they suggest, can help CISOs become more transparent, allowing for quick breach disclosures and more thorough reports of cybersecurity activities and outcomes. Some of the metrics included are People, Enterprise Applications, and Incident Detection and Response. Metrics can help a CISO gain insights into their security posture, but it's important to keep in mind the end goal—“...security leaders need to be able to roll up these metrics into assessments and dashboards that are easy to digest.”
2. “CISOs from the NFL, Choice Hotels, and Domino’s talk about the pros and cons of AI”
Source: SC Magazine
This story is about the CISOs of Choice Hotels, Domino’s, and the National Football League and their opinions about AI. One opinion from Choice Hotels’ CISO, Jason Stead, was that if a cybersecurity product does not have AI capabilities, he is not likely to purchase it. Domino’s CISO, Andrew Albrecht, relates how, when AI can take over 90% of detection and remediation, the team is less busy and can focus better on the few threats that need more attention. Tomas Maldonado, CISO of the NFL, offers an insight into how important it is to use AI so that resources are allocated effectively and functionally. The article ends on a positive note, assuring us that “Despite the risks of AI on security posture, I’m optimistic about its defensive potential, as are my CISO peers.”
3. “Gartner: Three top trends in cyber security for 2024”
Source: Computer Weekly
This is a thorough and thoughtful article that has many great pointers and tips. It explores three themes: Generative AI, CTEM programmes gaining momentum, and Evolving IAM to improve cyber security. Generative AI and the risks associated with it are discussed and explained. Continuous Threat Exposure Management (CTEM) programmes are encouraged for various reasons. Evolving Identity and Access Management (IAM) to improve cyber security is also well explained and supported. It ends with a great plan for 2024.
4. “How AI can strengthen digital security”
Source: Google
Google believes AI can reverse the “Defender's Dilemma.” Google also believes in keeping AI secure so that it does not further impose the “Defender's Dilemma” on itself. In addition, Google wants to support the use of AI while limiting attackers’ access to it in order to stay ahead of them. Of course, Google is also enthusiastically supporting research into AI.
5. “How to navigate CISOs newest job requirements”
Source: Security Magazine
This article offers three ways to improve communication with the C-Suite about cyber threats and priorities. The first way is to tie cyber threats back to the bottom line. If the bottom line is mentioned when describing the threats, it's easier to grasp their impact. Another way mentioned is to anticipate questions before they're asked. This helps convey an organized understanding of both the threats and the C-Suite’s main concerns. Making soft skills part of the job description is the third way described. This means being open-minded and approachable. Overall, this article sets CISOs up for presenting and communicating successfully.