Top 5 cybersecurity questions for the CISO in 2018

CISOs face many challenges as they plan for 2018. These five questions will help guide strategic discussions in a demanding year ahead.


As a CISO, you are up against a growing threat landscape, a shortage of skilled cybersecurity professionals, and non-technical employees who lack awareness of cybersecurity best practices. In 2018, every CISO must make some critical decisions related to the security of their organization.

Let’s explore some of the top questions that a CISO or CSO will ask in the year ahead.

Will global compliance and regulations affect the organization?

For any CISO working in a multinational organization, global compliance and regulation efforts will become a focal point in 2018. The European Union’s General Data Protection Regulation (GDPR) has set the stage for the global protection of consumer data privacy. Companies that hold EU consumer data will need to comply and report security breach incidents even if they are not headquartered in the EU. Companies that do not sufficiently report on data breaches may face fines of up to four percent of Adjusted Gross Revenue (AGR). The U.S. Senate is even working on a new bill called the Data Security and Breach Notification Act. This new piece of legislation would aim to impose a five-year prison sentence on individuals within an organization who conceal a data breach. This comes in the wake of the Uber data breach that was covered up for some time.

As a CISO, you may need to dust off your security policies and ensure they are up to date for new regulations like GDPR and the Data Security and Breach Notification Act. You may also need to revisit your incident response plans and ensure they comply with global regulations. If you’re not currently using a security framework, such as NIST, ISO, SANS, or PCI DSS, now would be the time to adopt one and align it with your compliance requirements. Global legislation like the GDPR favors organizations that use a security framework such as these. If you’re a CISO, you need to make sure that your encryption is top notch; if you already have encryption in place, review it to make sure it’s done right. Lastly, if you’re collecting log data and analyzing it to identify patterns and proactively detect malicious network activity, then you could be one step ahead of the game.

Do you use artificial intelligence (AI) and machine learning to enhance your security defense efforts?

Security decision-making and incident pattern recognition will be significantly enhanced using Artificial Intelligence (AI) and Machine Learning (ML). CISOs can up their game on identifying exploits and vulnerabilities within their network by using the advancements of AI and ML. Both technologies will aid in reducing the complexity of analysis performed by humans in security events.

Machine Learning can dramatically help security professionals with anti-malware, dynamic risk analysis, and anomaly detection. Hackers are also using AI and ML to create malware. So, in 2018, it will be increasingly important for a CISO to consider these technologies to stay ahead of advanced threats.

How do you mitigate advanced threats like zero-day exploits and ransomware?

In 2017, the world saw an onslaught of ransomware attacks across many industries. Zero-day exploits and ransomware attacks are reminding all information security professionals about the importance of patch management and endpoint protection or Next-Gen Antivirus (NGAV).

Patching is increasingly important at a time when cybercriminals search for vulnerabilities in firmware and applications every second of the day. What matters is a solid patch management process. If you’re a CISO concerned about zero-day exploits and ransomware threats, you should nail down your patch management process.

If you don’t already have an Endpoint Protection Product (EPP) or NGAV, then you should seriously consider one. These tools prevent malware from executing when it’s found on a user’s machine or server. They also learn the behaviors of the endpoint and query a signature database of known exploits and other malware in real time.

How do you mitigate the security risks of the Internet of Things (IoT)?

The Internet of Things (IoT) is projected to be a $3 trillion industry with 50 billion devices in use by 2020. The unfortunate reality is that 70% of IoT devices have vulnerabilities, making them highly susceptible to exploits. Every CISO should be concerned with the threats that these everyday connected devices impose on the organization.

IoT devices, such as Amazon Alexa and Google Home, are frequently brought into the organization and connected to the corporate network. Bring Your Own Device (BYOD) policies and a thorough threat hunting program are essential to mitigating these risks. Any BYOD program should also prevent end users from using the corporate WPA credentials for these connected devices and offer only guest wireless for them in the workplace. Lastly, if 802.1X wireless authentication is used, use certificate-based authentication as well.

Organizations must measure and benchmark the maturity of their security operations using an established framework, such as NIST, ISO, PCI DSS, or others. Consider starting with the self-assessment tools for these frameworks to help you benchmark your maturity.

Would outsourcing your security make sense from a financial and resource perspective?

Organizations typically spend up to 10% of their overall IT budget on security but lack the internal resources to manage a full suite of security solutions and strategies. Outsourced security, or managed security services, is an alternative that many small to mid-size organizations are pursuing. In fact, Gartner points out that organizations are using managed security services to accelerate the maturity of their security programs when faced with a limited amount of time and internal resources. Gartner predicts that spending on security outsourcing services will total approximately $18.5 billion, an 11 percent increase from 2017.

As a CISO, you may want to explore the Managed Security Service Provider’s capabilities, including their security intelligence feeds, threat hunting programs, threat detection and response capabilities, compliance and regulatory expertise, and security infrastructure used to support their operations.

As you move into 2018, asking questions around these core topics will become increasingly important for mature security operations. You can use these questions to guide your discussions with the C-suite and your board and to help you confidently manage security incidents in the year ahead.

This article is published as part of the IDG Contributor Network.