The Top CISO Stories From Around the Web: April
From “How Google Cloud’s Office of the CISO is shaping the future” to a report that only 5% of businesses have a cyber expert, there were many news stories this month about the challenges and successes that CISOs are experiencing. Here are the top 5 CISO news stories that emerged this April:
1. “The Stakes Are Rising: Why CISOs Need To Rethink Their Relationship With The Board”
Source: Forbes
As the stakes are rising for CISOs, their responsibilities, it seems, are metastasizing. It is at the same time enthralling and terrifying to be at the center of such a field. This story explores how counseling the board has become both more challenging and more important. It starts by describing how showing only data can give the board false confidence, because they may base their faith on things like compliance. CISOs need to provide the board with the bigger picture as well. The article provides three tips. The first is to describe risk from an informed perspective, with a broad understanding of how the risks will affect the organization. The second is to express risk impacts as potential monetary loss, which gives the threat meaning for the board and helps them understand the priority of the risk within the business as a whole. The third is for CISOs to recommend how the organization can be proactive in mitigating the risks it faces. Throughout all three tips, the article stresses that data is crucial and should be used to support the CISO’s assertions.
2. “CISO role shows significant gains amid corporate recognition of cyber risk”
Source: Cybersecurity Dive
A report from Moody’s Ratings shows that CISOs are gaining more recognition. “About 90% of cybersecurity managers now report to a top-level company executive, compared with 62% in 2021.” With more updates to the C-suite and board of directors, there is more understanding and support for cybersecurity. “About 40% of cyber managers conduct monthly meetings with their CEO, according to the report.” The article also mentions how the CISO role has gained more scrutiny and responsibility.
3. “What keeps CISOs up at night? Mandiant leaders share top cyber concerns”
Source: CyberScoop
Mandiant's Kevin Mandia, Jurgen Kutscher, and Sandra Joyce participated in a panel at Google Cloud’s Next technology conference discussing what keeps CISOs up at night. CyberScoop listed the top concerns the trio has seen in CISOs. One concern is the increase in zero-days. They also mention how AI is currently used more for defenders than for attackers. Mandia describes how threat actors have become skilled at imitating user credentials. Joyce talked about how cyber threats have become more serious and threatening to people’s well-being. Kutscher said that some MFA methods are becoming outdated and are creating risks. Stress/burnout and supply chain attacks are also concerns.
4. “Report finds that only 5% of businesses have a cyber expert”
Source: Security Magazine
Bitsight and Diligent reported that just 5% of businesses have a cybersecurity expert as a member of staff. A correlation between strong cybersecurity measures and higher financial performance was also reported. The report found that regulation and specialized risk or audit committees help with better cybersecurity. The article stresses the need for leadership that understands the importance of cybersecurity.
5. “How Google Cloud’s Office Of The CISO Is Shaping The Future”
Source: Forbes
Google Cloud created the Office of the CISO to help marry Google Cloud's vast technological capabilities with industry-specific challenges. Phil Venables and Nick Godfrey led the effort with the hope of “...fostering deeper, more meaningful collaborations.” Not only useful for operational efficiency, the OCISO was built to be a place for cyber innovation. The team described in the article is industry-diverse and extremely qualified, including Alicja Cade, MK Palmore, and Taylor Lehmann. They are rooted in empathy and industry-specific knowledge.