Although the Chief Information Security Officer (CISO) is a relatively new corporate position, CISOs are becoming an integral part of the corporate hierarchy as enterprises begin to take security concerns more seriously. It’s a smart move considering that in 2019 security breaches cost companies on average $3.92 million. Now in 2020, CISOs are facing accelerating old threats along with some brand new ones. Here are the top eight CISO concerns of 2020:
1. Hackers and Adversarial AI
In a recent study published by Fortinet, when asked what to expect in terms of threats in the new year, CISOs named hackers as their biggest concern. They expressed particular concern about hackers arming themselves with adversarial AI systems capable of breaching networks entirely undetected.
2. Expanding the Attack Surface (Data from Many Sources)
Many companies are shifting from storing their data on site to hosting it in the cloud, which, while newer, is less secure and creates myriad ways for hackers to invade systems. Multiple clouds, growing mobile connectivity, proliferating IoT devices, and software-defined networking (SDN) combine to form the perfect storm for an attack. CISOs need to be prepared to combat security threats on a variety of fronts. Thus, CISOs need a single screen that, at a glance, shows multiple streams of network traffic to keep track of what’s going on.
3. Lightning-fast Change
Organizations are racing to outpace their competitors, better serve their customers, and get a handle on new security technologies. With the advent of the Internet of Things (IoT) in particular, cybercriminals are finding easy new entry points to targeted networks. Coupled with the acceleration of mergers and acquisitions, this rapid pace of change has created a virtually borderless world of data. As borders get erased, cybersecurity threats and third-party risks grow more imminent.
4. Lack of Developed Security Professionals
A well-developed cybersecurity team poses the most reliable threat to hackers. However, because global demand for IT security professionals has outstripped supply, positions can be hard to fill. Gartner predicts that the number of unfilled cybersecurity roles will hit 1.5 million by the end of 2020. Lacking a solid support team can distract a CISO from critical issues, reducing the resources available to properly manage cyber risks. Having warm bodies to fill the roles is not the only problem, however. In Fortinet’s Global Internet Security Survey, 40% of businesses expressed an increased need for employee learning and development, including teaching awareness of security threats and tactics to prevent them. And fully 20% of respondents in the survey cited a lack of development as a factor that leads to stress and burnout. Helping security professionals stay on top of the latest changes in the industry is also a major concern for CISOs this year.
5. Human Error
People are the weakest link in the network security chain. For instance, an employee who falls for a phishing scam can introduce malware into the company’s network. Or a staff member can access sensitive information on their mobile device while connected to public networks, elevating the risk of a data breach and letting hackers dodge even the most sophisticated systems. Disgruntled employees may also choose to leak confidential information, making the complete security of company information virtually impossible.
One employee’s reckless action can leave CISOs vulnerable as the CISO is responsible for all aspects of IT risk management. Of course, CISOs cannot control each employee’s actions, yet those very actions pose the greatest security threat to the organization. This discrepancy will be keeping many CISOs up at night. That’s why they need to review corporate information security policies regularly and proactively introduce new training materials to educate employees on cybersecurity risks.
6. Budget Constraints
IBM puts the average cost of a data breach at $3.92 million. Ironically, however, cybersecurity isn’t top of mind at most organizations when budget line items are getting funded. Often that’s because it’s difficult to show a clear return on investment. At smaller organizations or local governments, the problem may simply be the lack of financial resources to reduce cyber threats. Although cybersecurity risks are growing in prominence and corporate boards are taking a greater interest in these threats, many CISOs still have difficulty securing larger budgets.
CISOs face increasingly stringent data protection regulations driven by the dual threat of privacy invasions and increasing cyberattacks. Consequently, corporate security leaders must align their organizations’ security structures with new, often extremely rigorous proposed laws in addition to meeting the incumbent regulations.
8. Challenges Compound
The three challenges noted before (hackers, an expanding attack surface, and the opportunities needed for a security team) are compounded by the current technological landscape. The speed of technological growth and its resulting complexity mean the major threats CISOs have to manage will only grow with time.
CISOs will face new security challenges each year, requiring them to keep pace with the constant revolutions of the technology world. This pace, however, is accelerating rapidly. The Fortinet survey mentioned above noted additional issues CISOs raise concerns about, ranging from risk management to strategy, security tool proliferation, and cybersecurity awareness. These increasingly varied risks in 2020 will put CISOs in an unenviable but critical position in the corporate hierarchy.