Is a more holistic approach on the horizon for CISOs, who have traditionally focused on the minute details related to asset protection above all else?
Emerging trends and insights point to an emphatic yes, including a Gartner projection that the information security and risk management products and services sector will grow by 11.3% in the coming year in light of a marked increase in major data breaches impacting companies like Apple, Meta, and Twitter.
A more holistic approach that encompasses oversight of critical apps, data, and processes related to business function could reduce risk while saving money, according to a recent CIO article. In other words, shifting from a risk assessment approach that primarily focuses on IT systems to a more business-oriented approach can help companies uncover cost savings while improving their overall security posture.
As David Christensen, VP and CISO at benefits admin software provider PlanSource, told CIO, “If you look at security from a purely technical perspective, it’s easy to get lost in, ‘I need to have this shiny object because everyone else has it.’ The reality is often the most popular or well-known new security solution can waste money and slow the business, especially if it doesn’t align with business goals. And even if it helps secure one part of the business, it may not be part of the business or business process that creates the most risk or is most important.”
Failing to look beyond security capabilities can lead to trouble, as evidenced by a CISO who was let go after recommending expensive endpoint detection and incident response programs for the startup where they were employed. Frank Kim, CISO at venture capital firm YL Ventures and SANS Institute Fellow, commented on this incident in the CIO article. “Their focus was on survival and revenue growth,” Kim said. “He didn’t realize his job was not just to suggest a bunch of new security capabilities, but business enablement.”
Kim suggests adopting an approach that accepts security as a cost center where the CISO manages the total cost of ownership over time. For example, this could include updating CFOs and CEOs on specific cost reductions (like reducing spending with a specific vendor, sourcing less expensive security products, and improving metrics related to the cost of mitigating a vulnerability).
Ultimately, CISOs will need to adapt to a role based on a greater understanding of business needs. Prioritizing security spend alongside spending on key processes and non-IT assets can help CISOs develop a risk calculation based on the likelihood of particular impacts within the framework of overall business needs.
Communication, too, is key when it comes to aligning security spending with business needs. Effectively explaining the current threat landscape to board members and CEOs in terms of business risk is critical.
MixMode Helps CISOs Bridge Security and Operational Needs
MixMode’s Third Wave AI platform empowers SOCs to work more than 20x more efficiently by detecting attacks 10x faster. The platform is truly next generation, combining the benefits of SIEM, NTA, UBA, and NDR and augmenting them further, to allow security teams to not only detect threats more efficiently but to gain better visibility, significantly decrease cost and minimize risk, all in a single, purpose-built platform.
Schedule a demo to discuss your business needs and learn how MixMode can help.