The importance of communication and collaboration in cybersecurity

The cybersecurity landscape is continually evolving, and so are the responsibilities of those within the sector. Communication internally and collaboration externally are two practices that are key to a strong foundation in cybersecurity.

Due to advancements in the methods used by malicious actors, cybersecurity is now an organisational challenge and priority for every business. New ways of breaching company security through lower-level employees or third-party affiliates are now commonplace. The need for efficient and regular communication from CISOs to the rest of their organisation surrounding best cybersecurity practices is paramount.

Furthermore, liaising with C-suite professionals at different organisations within the same field – or even different fields of cybersecurity – has become a crucial part of maintaining a safer and more secure environment. Using discussion boards and forums for collaborating and gaining insights from your peers is a great way to learn and perfect your own cybersecurity practices so that everyone is safe.

Communication

Historically, the role of the CISO has demanded a fervent dedication to security. Today, contemporary requirements extend beyond mere security expertise. Effective CISOs must also excel in communication. The changing CISO skillset is by no means a new conversation. Indeed, over the past decade, there has been a gradual but notable shift in what the role entails.

The key to being a modern CISO isn’t entirely cyber-related. Instead, it is about having the ability to understand and distinguish between the different modes of communication required to serve the ever-expanding needs of the workforce and business. The cybersecurity world faces a faster-evolving threat landscape than ever before, so communicating risk is crucial for any CISO looking to keep their organisation secure.

This in-house communication on cybersecurity practices and risk has become commonly known as cybersecurity culture. Creating a cybersecurity culture within your organisation involves making sure every single person in the company knows of the cyber-risks associated with their job. It is viewed as a culture because it is crucial that the whole organisation is aware of and alert to potential risks, from the board of directors to lower-level employees and third parties. Cyberattackers are increasingly finding ways to target these traditionally less informed individuals as a way of infiltrating a company’s data.

Communication upwards

As the threat landscape widens, CISOs and the board must work closely and effectively to ensure they remain focused on the same goal: building a company-wide security culture and protecting their people and data.

Marc Lueck, CISO EMEA, Zscaler: “There has been an industry-wide focus on the growing role of CISOs as educators for their board of directors. As more governments consider sweeping cybersecurity regulations, organisational leadership is looking to CISOs for guidance on how to react.

“Staying on top of the latest cybersecurity developments is challenging, and predicting the legal and financial implications of various existing and proposed cybersecurity legislations can be particularly mind-bending.

“Trying to ensure an organisation’s cybersecurity posture complies with these regulatory environments could be its own full-time job. Part of the challenge CISOs face is knowing how to get the board to understand what the real risk to the organisation is and avoiding any moments of panic that board members so often experience when threat risk is communicated too late or without a recovery plan in place. With the pace of regulatory change not likely to slow, the ability of CISOs to communicate upwards will be vital for continued business success.”

Communication sideways

In every business, CISOs and CIOs naturally have their own differing agendas, duties and priorities. However, it’s crucial that both roles acknowledge the growing number of common goals they share. As IT and data security become increasingly intertwined, the ability of CISOs and CIOs to collaborate effectively in pursuit of common business goals has become a key factor in determining how well organisations can protect their data, optimise operations and, ultimately, help ensure their long-term future is secure.

Javier Dominguez, CISO, Commvault: “The dynamic between members of the C-suite, particularly the CIO and CISO, now plays a pivotal role in everything from an organisation’s strategic cybersecurity spending to its overall incident response plan in the event of a data breach.

“It’s not surprising that the collaboration between CIOs and CISOs has significantly evolved in recent years. As cybersecurity continues to gain traction on the corporate agenda, it’s become clear that old, siloed approaches simply aren’t viable today.

“By aligning behind common organisational goals, CIOs, CISOs and their respective teams can quickly start to establish working processes and practices that benefit everyone involved. This level of co-operation also enables teams to navigate the increasingly complex digital technology landscape together and identify the best solutions to meet evolving business needs, delivering a crucial advantage over competitors.”

Communication downwards

Downwards communication is arguably the most important type of communication. The World Economic Forum found that human error leads to 95% of all cybersecurity incidents. CISOs need to communicate regularly and efficiently with the non-cybersecurity teams in their organisations.

Andrew Rose, CSO, SoSafe: “With so many common threats requiring human interaction, the modern cybercriminal no longer needs to hack into an organisation. Today’s threats focus on the weaponisation of trust and use email as the major attack delivery platform.”

Adam Burns, Director of Cybersecurity, Fortra: “Responsibilities for cybersecurity extend way beyond the CISO, across the security team and to every IT user in the organisation, from executives to interns and even wider network stakeholders such as business partners. Therefore, CISOs must build a culture where all team members share the vision and goals of the programme and are clear on their individual role in company safeguarding. It’s most effective when this messaging comes from the top down.

“It’s important to maintain continuous training while managing a new security initiative, especially when onboarding new employees. A risk assessment performed together with phishing exercises will keep security front of mind for employees.

“The CISO is the biggest influence on company security behaviour and decisions. When workers are stuck in their ways, it can be a challenge, but tightening up vigilance and promoting a security-first culture across every department and job role will keep the hackers at bay.”

Collaboration

As security professionals have faced new and unique challenges, peer support among them has strengthened. We’ve seen a growing openness to knowledge and idea sharing in CISO forums, with security leaders sharing challenges and discussing best practices in a safe space. As the attackers have grown together, so has the cybersecurity profession. Collaboration is the key to success: by working together, CISOs form a stronger alliance and, crucially, have the capacity to respond jointly to such attacks.

Neil Thacker, CISO EMEA, Netskope: “Collaboration has always been integral to combatting cybercrime. Crime does not respect borders so organisations cannot operate in silos; they must work together to share information and best practices if they are to give themselves the best chance of identifying and resisting threats as they emerge.

“We cybersecurity professionals need information on the latest threats in order to effectively protect our organisations. Speeding up the delivery and dissemination of threat intelligence is therefore crucial.

“This collaborative effort aims to rise above the isolating nature of working in competition, instead combining knowledge that will allow organisations to improve their threat protection capabilities. By sharing real-time threat intelligence across security touchpoints, we can produce actionable insights that will reduce the time taken to protect and further narrow gaps in an organisation’s armour.”

Thacker went on to highlight the importance of collaboration with vendors, saying: “Historically, security vendors worked in pursuit of their brand being the sole or primary provider of a customer organisation’s security estate.

“Fortunately, however, the benefits of collaboration between vendors are now widely recognised and the growth of cloud and APIs has opened up greater opportunities for vendors, who are now much more open to working together. Collaboration reduces the time between new threat discovery and protection implementation, allowing organisations to keep up with the ever-evolving threat landscape.”

To facilitate this cross-company collaboration, many cybersecurity executives are part of networks or forums where they collaborate with their peers from other organisations. These forums provide a platform for executives to share insights, discuss common challenges, and learn from each other’s experiences. They also encourage joint threat assessments or coordinated response strategies.

The benefits of threat intelligence sharing are manifold. As valuable as data is on its own, its power is magnified when it’s shared.
