The Age of the Modern CISO

Cyber attacks have increased substantially in the last few years and is a direct consequence of the growth in digital transformation. Organisations have focused on increasing their digital footprint by automating processes, implementing artificial intelligence, and holding data on multiple digital platforms. The growth in inter-connectivity of information gives opportunity for collaboration, communication and creative thinking, improving product development and service offering. The sharing of such equity is based on working within a trusted environment, conventionally well served by securing the digital infrastructure with robust Cyber technologies.

Chief Information Security Officers (CISO’s) have traditionally worked well in managing the Cyber Security environment. However, the role has become increasingly more challenging, as CISO’s are faced with the responsibility of safeguarding the Cyber citadel, in a constantly evolving threat landscape. Cyber Security is not always regarded as essential at board-level. Yet the impact of a Cyber attack leaves an organisation with reputational damage and significant financial loss. The impact of EasyJet’s recent Cyber attack, (May 2020) is yet unknown, but could be substantial. The Cyber attack on the telecom company, Talk Talk, for example, ran into an estimated £45 million in 2015.

Vulnerabilities to Cyber Security are multiple. According to some latest figures there are 2,500 internal daily breaches in the US alone and this has increased by 47% in the last two years. How to manage the risk of the human internal threat demands complex consideration. It requires a dialogue at board-level, strategic thinking and courageous leadership. It demands adaptive and agile decision making, an open culture in which to explore risks and build resilient parameters accordingly. The effect of the recent COVID-19 pandemic are yet emerge, but the increase in staff working from home, and being away from the digital Cyber culture, require board-level discussion in which to tackle the exposure to both technical and insider risk. Operational processes may also require review, and data classification may need to be fully explored. Ultimately, being away from the office can expose data to insecure networks and non-authorised personnel. A VPN may provide secure access to the corporate network, but the CISO cannot control who sees the data when staff are working at home. It is likely that the CISO has the responsibility of managing those risks and putting in place mitigation strategies.

Navigating through this complex Cyber-scape can be a challenging and lonely place for CISOs and can leave them exposed to Cyber trauma. The consequences of a Cyber attack can affect productivity, performance, and result in burnout. It is essential that the CISO develops their own personal resilience programme to thrive and succeed. One of the attributes of developing personal resilience is having the space to reflect on their leadership style, explore how to engage strategically and tactically within their organisation. Setting manageable goals to understand the Cyber Security architecture against the perceived risk threshold requires support from experienced and seasoned CISO mentors, who can both offer guidance, experience and techniques to enhance the skills that the CISO has to employ in their dynamic role. Much research has been done on the benefits of mentoring. It is an investment that returns numerous rewards. Having access to practical advice, encouragement and support is invaluable. As John Wooden said: ‘Mentors are available at all stages of your leadership life- early, middle and late. Seek them out and listen; absorb their knowledge and use it.’

For further information on Templar’s ‘NCSC Certified CISO course’ and ‘Executive Mentoring for CISOs’ programme, please contact academy@templarexecs.com and visit our webpage: https://www.templarexecs.com/cyber-academy

Published June 2020