7 security incidents that cost CISOs their jobs

Whether or not security executives lose their jobs in the wake of a major incident, security failure should be seen as a learning opportunity.


Likewise, organizations may think they have learned plenty from going through an incident, but the real test is whether they implement changes while the experience is still fresh and people are focused. “If they actually took the time to analyze what went wrong and really learn from it, then the company should feel stronger because obviously, they've learned something out of the process,” says Purser. “Where it becomes problematic is, of course, if you really don't learn anything out of it. It all depends on the company's ability to analyze itself, to take the thing apart, and to define corrective measures, to revamp procedures, technology, tools, etc. so that they're better prepared the next time.”

“In my past experience, where companies fell down is that they did a great analysis, but new priorities got in the way,” Purser says. “The follow-up and making sure that you implement the lessons learned is obviously the key to everything.”

Simulations and information sharing are safer learning experiences

Purser adds that exercises and simulations are a useful learning opportunity for CISOs and their organizations, and they carry less risk than relying on actual incidents. As part of his role at ENISA, he helps run security exercises with member states and their organizations as part of the EU’s efforts to improve its cybersecurity posture.

“I think simulations are essential,” he says. “They have been incredibly valuable in learning about what does and what doesn't work at an operational level [during ENISA’s exercises]. It really reveals the weak points on the ground. What I learned early on in my career is that without exercises, you tend to have an over-reliance on documents. Not enough practical experience means you don’t know where documents fall down, and it is difficult to find out where your procedure is weak. Exercises are the key to that.”

The Symantec study found that security professionals were more likely to discuss personal experiences with peers outside the organization if they had gone through a breach, yet the majority feel there isn’t enough cross-industry sharing of cybersecurity intelligence. Purser says that while there is a huge amount of tactical information — almost to the point of overload — there is a distinct lack of strategic information, because of the effort involved in collecting it, analyzing it and turning it into something useful for decision making.

“It's all about communication. It's about understanding what you're dealing with. It's about making sure the right information gets to the right people at the right time to solve a particular problem,” Purser says. “You might be unfortunate enough to be caught out by a breach, but if you're clever in dealing with it and you have the presence of mind to keep a record of what went wrong, it can really teach a lot about processes and how they can be improved.”

Copyright © 2020 IDG Communications, Inc.
