Expert Insight On BT Report Confirming CISOs Under Pressure

A lack of understanding of security issues in the workplace and misplaced confidence in organisational cybersecurity readiness are adding to pressure on CISOs during challenging times, according to a new report produced by BT Security. The global study of more than 7,000 business executives, employees and consumers found that 76% of executives understand their company’s IT strategy for defending against cyber threats, but 85% blamed CISOs after cybersecurity incidents for not communicating effectively.

Experts Comments

February 02, 2021
Sam Curry
Chief Security Officer
Cybereason

The findings from BT's research project are both exciting and sobering. For the 16 percent of executives surveyed that say they haven't been breached, or at least suffered some type of security incident in the past two years, they are either lying or don't have the security tools and services in place to better scan their environment for trouble spots. In other words, they can't see the adversaries and they are standing right in front of them. Coming on the heels of revelations from the SolarWinds supply chain hack in December, an intricate and targeted attack dating back to more than a year ago and impacting tens of thousands of companies around the world, BT's findings are hopefully a wake-up call to board rooms around the world.

The expanding digital footprint for companies of all sizes leaves them vulnerable to security incidents, sometimes of material nature, making the job of CISOs that much more important. Security excellence is hard to achieve, but there are organisations across the public and private sector doing a wonderful job today staying ahead of potential hot spots in their networks.

My advice for all CISOs and executives is to adopt an operation-centric approach to cybersecurity, instead of having security teams chasing countless alerts that oftentimes lead you down a never-ending rabbit hole. Many traditional security products are hopelessly alert-centric and generate volumes upon volumes of information that appear seemingly unconnected, lack context, and take too much time to investigate to understand how they are related, even when they are part of the same attack. From a defender’s point of view, we can never win daily battles by spending time chasing uncorrelated alerts.

We must quickly identify and respond to malicious operations with surgical precision, finding a path forward by future-proofing tomorrow’s enterprise. We need to detect earlier and remediate faster; to think, adapt, and act more swiftly than attackers can adjust their tactics; and to have the confidence as defenders that we can always identify, intercept and eliminate emerging threats in a matter of minutes rather than days or weeks.
