Who Is Your Chief Information Security Officer (CISO) And Is He/She Ready For Battle?
by David Wren
In a world of technological innovation and advancement, positive and negative outcomes emerge. Positive outcomes include heightened convenience, improved efficiency, and innovation. However, negative outcomes continue to accrue, and in the world of cybersecurity, we call them threats. Cyber threats for any business are not a matter of if, but when. They are omnipresent and imminent in our world. A 2019 study of 500+ companies revealed that a data breach averages a staggering 25,575 files per business. Cost per record averaged $150, or $3.92 million per breach. Such statistics have grown annually, and in 2021 we expect the number will continue to grow.
Fortunately, there are ways organizations can mitigate cyber threats through proper advanced planning. A crucial way is to designate a highly knowledgeable, skilled representative in your company as the security strategy specialist, implementation manager, and information security officer. This position should be filled by a Chief Information Security Officer (CISO). Many advantages exist for having a corporate-level (C-Suite) executive who is focused on preventative measures against common threats in a multitude of industries. This is especially true for companies with highly sensitive data (e.g., medical, financial information) or with government contracts. Underscoring such a person’s value, another recent study concluded that companies hiring a CISO show a reduction in costs of data breaches.
Adding and maintaining the salary of a CISO can be challenging for small- and medium-sized organizations. Additionally, skilled CISOs are in high demand, and the supply of candidates for job openings is limited worldwide. Thankfully, many cybersecurity firms and consultancies have recognized this gap and offer new advisory services or vCISO (Virtual CISO) services as an option. Many of these services are structured to allow access on demand. One potential advantage is access to more than one person with broad experience. Virtual CISOs often consult with multiple clients and bring the collective knowledge and experience they gather from working in diverse client environments. Additionally, many cybersecurity firms offer teams of skilled experts to address specialized needs. These teams can offer a range of services, including Security Operations Center (SOC), vulnerability management, incident response, and penetration testing. With such a team, you gain access to a group of trusted advisors rather than a single individual to engage as needed.
Cyber threats are real, and organizations in our region are affected daily. All it takes is one form of malware to encrypt all sensitive data, and with no backups, a company may not survive. The scenario sounds scary, and it is. However, such breaches happen regularly in our region. My firm, NTP, partners with your organization to provide a high level of expert advisory services to meet today’s cybersecurity challenges. Our team enjoys the challenges of securing new technologies and mitigating business risks to provide enhanced protections and peace of mind. We have been trusted advisors for more than 20 years with a driving passion to help our clients protect and grow their core businesses. We specialize in areas such as early detection and response through advanced endpoint and data protection with our proprietary tools, people, and processes.
“I would like to thank Dylan King for his research and assistance with this article.”
David Wren, CISM, is President of Network Technology Partners, a regional Cyber Security Intelligence firm headquartered in St. Louis, Mo. He can be reached at firstname.lastname@example.org.