IT security: 10 essentials for CIOs in 2021

Our rapid adoption of new digital tools during the past year makes security more important than ever. These best practices will help keep your data safe in 2021 and beyond

The boundaries between traditional IT and cybersecurity are all but gone: Every key leader now has a stake in maintaining cyber resilience. But no role is more affected than the CIO. Here are some straightforward tactics to keep you grounded as you navigate security dangers in 2021.

1. Keep an adaptable mindset

One of the most effective and efficient things a CIO can do is to plan for rapid change and learn to improvise, adapt, and overcome any challenge. The threat landscape is dynamic and evolves constantly. Criminals are well-resourced and well-coordinated, and they have an army of automated tools at their fingertips to exploit the global economy. CIOs must remain vigilant at all times to ensure they are not the next to be publicly called out for a breach that could have been prevented.


2. Join the wolf pack

Don’t be a lone wolf. Build and expand a community-based approach to cybersecurity. Join industry, regional, and topic-based organizations such as Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs), as well as special interest groups. Security is a group effort. Start by forming a neighborhood watch.

3. Stay informed

Nation-state hackers target private corporations as well as countries. Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs) can help here. Many cybersecurity providers offer freemium-level content that can provide high value at low to no cost. Consider evaluating commercial and government-provided threat intelligence, which can provide customized visibility into your unique use cases and be ingested into your larger architecture, including ITSM, SIEM, SOAR, or related technologies.


4. Learn to do less with more

Budgets are tighter than ever at organizations around the globe, and procurement scrutiny is at an all-time high. Over 75 percent of large enterprises have 16 or more security tools in the environment; some have up to 60 or more. Evaluate your core use cases and identify where you might trim the fat. Balance the pros and cons of best-of-breed solutions that can take a targeted approach against all-in-one tools that can be more cost-effective. Prioritize solutions that ultimately lower your total cost. With proper analysis, key investments in critical areas can greatly reduce costs.

5. Align security and business strategy

A finite budget means hard tradeoffs. Fully understanding your risk tolerance, security maturity, and exposure will ensure the longevity and financial viability of your business. This is a high priority that comes with serious consequences, and it is too often overlooked.

6. Keep it simple, stupid (KISS)

The simpler the approach, the easier it is to implement, use, and maintain, and the more likely it is to address the core problem. A proper cybersecurity skillset is hard to find. Using easy-to-use automated solutions to address complex problems will act as a force multiplier for your business.


7. Mind the human firewall

You can spend millions on security and over-communicate priorities horizontally and vertically and still fall victim to your weakest link: the human firewall. Maintaining vigilance and enforcing best practices with standardized governance will go a long way toward countering social engineering and preventing a phishing email from causing your next data breach. You must continuously monitor and enforce this.

8. Maintain transparency

CIOs understand it is not if, but when, a data breach will occur. IT leaders must lead from the front. What matters is not what happens to you, but how you react to it. Being responsible also means being response-able.

9. Understand and assess your attack surface

Digital transformation is in full swing. In a single year, many corporations have advanced capabilities that might otherwise have taken 10 years. Cloud, IoT, 5G, AI, and other technologies that were once the stuff of sci-fi novels are now discussed daily in the boardroom. As you install these digital tools, don’t forget to also include the proper locks.

10. Security doesn't stop at your four walls

Even if you do everything perfectly, if your friends and family fail to do their part in maintaining security, the system will fail. Be sure to monitor and maintain security effectiveness across your entire ecosystem 24/7/365.


Brad LaPorte is Chief Evangelist at Kasada. He has more than 15 years of combined cyber security, product management, and business experience.