While digital transformation fuels the focus for investment, information security is evolving faster than ever before. The workforce is becoming more tech savvy, new and disruptive technologies are reaching maturity, rapid growth in cloud adoption as well as increased 3rd party vendor relationships; the modern CISO must be a business leader, enabler and partner to the enterprise.
In addition to the ever changing issues around governance and compliance, organisations are falling victim to increasingly sophisticated threat campaigns. With the EU GDPR deadline drawing closer, it’s a balancing act for a CISO of today to protect data and manage vulnerability whilst under unprecedented scrutiny to overcome regulation; what systems to use and what resource to allocate without detriment or burden to the other.
GDPR has been on every Information Security professional’s mind for what feels like forever but finally the new legislation has come into play. There has been a lot of speculation about the aftermath and with complaints filed against leading tech corporations in the first week it is evident the new regulations are being taken very seriously. It is important for all organisations to be compliant, or as compliant as they can be.
Hackers are showing no sign of retreat and are beginning to use AI and machine learning to outsmart defence systems. Whilst legacy systems are still in place in many organisations and others moving whole systems and networks to the cloud – hackers can take advantage of weak points in the structure and gain access with ransomware remaining a common threat. Phishing attacks are becoming increasingly sophisticated and there are still stories published regularly about Executives falling into the trap. Not only are CISOs having to monitor the insider threat but they are also still struggling with a skills gap in the industry with limited qualified professionals in the workforce.
However, it is not all doom and gloom for CISOs – awareness is increasing at board level about the importance of investing in security which is leading to profound change and transformation within the industry and it is more important than ever for CISOs to share experiences and solutions to these growing threats.
Time is maximised onsite though a combination of:
Investigating future threats: what is coming next?
Exploring the cloud and Information Security
Exploring procedures to minimise the effects of cyber attacks
Creating a strategy to monitor third party activity
Deciphering an effective strategy to operationalise threat intelligence
Adopting a cost-effective method for monitoring cyber hygiene
Analysing the best incidence response strategy for a security breach
Making the internet of things safe
Information security and technology: discovering how machines can help your security