Recent incidents around the world have shown COVID-19 hasn’t stopped cybercriminals. The pandemic has made them bolder and they’ve stepped up their activities – be it attacks on corporations, governments, SMEs or home offices. The cyber threat landscape is one that continues to grow and evolve.
In corporations, while CIOs play a critical role in the information security (InfoSec) of a company, the risk management space needs to be spearheaded by a team that has cybersecurity imprinted in their DNA.
Traditionally, the role of cybersecurity has fallen to the CIO for obvious reasons — it’s a very technical role falling under the purview of the technical leader.
However, the evolution of the fraud ecosystem has outgrown this categorisation and should stand on its own as a research, analysis and forecasting department under a CISO, said Filippe Farias, senior director of software engineering at ClearSale.
“Many businesses may not have the capabilities or resources needed to create an entirely new department,” he said. “A CIO should understand the importance of bringing on a professional that has the ability to live and breathe the risk mitigation activities that are ever-evolving and expanding across an entire organisation.”
Farias told CIO Tech Asia that when many countries instituted strict lockdown orders to try and curb the spread, a lot of organisations needed to quickly shift employees to a work-from-home environment.
“This created a tendency for personal use of company resources, which inevitably increased exposure to possible threats,” he said. “As those orders are starting to loosen and employees are returning to the workplace, the talk of the potential for a second wave means that it’s vital that CIOs prepare now to face the same threats.”
He said a good place to start is to consider these questions:
- Connectivity: Is our way of ensuring a secure connection sufficient and scalable?
- Awareness: Is our security awareness training updated to the new conditions?
- Support: Is our Helpdesk enough to support our new reality?
“My advice comes down to two major considerations that I’m not sure most CIOs would put at the top of their list – but when it comes to cybersecurity, partnership and culture are the forces that can help drive InfoSec efforts company-wide,” Farias said.
He suggests CIOs think about:
We believe that the best way to face these challenges is through partnership, to join market players that implement the best practices and help you to be in more than one place at the same time. This is especially important for any CIO that is directly running cybersecurity efforts. In our experience, the support of Microsoft and Citrix has been essential to ensure the tranquility of our collaborators in these difficult times.
The InfoSec sector tends to come off as cold and unfeeling, as if we are just around to hinder all the conveniences of a workforce. Knowing this, it’s important to make cybersecurity a part of the company culture as a whole. For example, we have frank conversations with our teams, ensuring that we listen to all their concerns before we make decisions on how to proceed with our company guidelines. Allowing staff to feel a part of our decision-making process changes how we work together and inevitably makes our initiatives much more efficient to implement.
“I have heard these sorts of rumors going around in our industry, but I’m not sure how much stock I put in them,” Farias said. “I think there are two issues that can lead to this idea of a ‘skills shortage’ in InfoSec – one is that cybersecurity professionals are either highly trained and educated, or self-taught without the necessary ‘formal’ education.”
According to Farias, filling entry-level roles with the former group is very difficult, as they expect much higher salaries than are being offered, and filling them with the latter group is hindered by an organisation’s minimum education requirements.
“There is a lack of these entry-level jobs being filled, and I think this is where CIOs can take the opportunity to think outside the box,” he said. “It’s less expensive overall to hire at a junior level and train staff to do the job required than it is to recruit a more mid-management or senior candidate.”
Original article at: https://ciotechasia.com/cios-need-to-create-teams-of-cybersecurity-experts/