What are CISOs' top security concerns and strategies?

Security is no longer just an IT issue; it's a business priority issue. In the past year, we've experienced a handful of high-profile data breaches that each affected tens to hundreds of millions of individuals--Court Ventures in October 2013, Target in December 2013, P.F. Chang's in June, and the untold number of sites that a Russian crime ring hacked just a couple of weeks ago.

Security teams protecting sensitive corporate data aren't the only ones embracing advances in technology--so are the sophisticated criminals trying to disrupt business. Protecting data privacy, meeting compliance requirements and guarding against malicious phishing and malware are cited as top security concerns according to a recent Wisegate member poll. But what are IT security executives actually focused on as priorities? Where are they looking to innovate their processes? And how will our nation's top security experts help their businesses take smart risks?

Wisegate, an IT advisory service, and Scale Venture Partners teamed up to survey over a hundred security leads to find out.

The report highlights these key findings:

New battlefields, same war. CISOs remain vigilant on the fundamentals: malware outbreaks and data breaches. Security teams confront growing risks on many fronts, from new technologies to external threat factors. Driving their security strategies are six technology trends, including BYOD, Everything as a Service, Cloud Application Security Brokers and SecDevOps. The five top risks resulting from these trends include malware outbreak and sensitive data breaches--these two risks accounting for nearly a third of all CISOs' top priorities.

Security programs prioritize risks and business alignment, but lack tools to draw the big picture. Their risks are increasing, but only half can efficiently report risk status to their boards and internal business partners. Despite being able to identify their top risks, one-half of the survey participants admitted they didn't have good ways to measure the status of these risks or how effective their programs were at addressing them. Security and risk management systems are becoming Board-level discussions; government and industry regulations are also requiring better risk monitoring and controls. While many security products do provide dashboards, those tend to be specific to that product's threats and activities. What's needed are efficient ways to map all of this event data into holistic, business-level perspectives.

Top tech trends and risks show that as IT hands off infrastructure control, CISOs focus on the data. Shared risk models are a nod to the expanding universe of user devices and the dissolving enterprise perimeter. CISOs are looking to put security controls as close as possible to enterprise data, versus focusing on specific device types or threats. Information protection and control products (IPC), including DLP/DRM/masking/encryption technologies, were the number one desired control to apply on computers, at the infrastructure layer, within applications, and on mobile endpoints.

Automate all the things. CISOs push automation, orchestration to manage point solution sprawl. Consolidation and automation are top areas of focus to improve security program maturity. Three-quarters of CISOs are building or integrating solutions to address their top risks; APIs are frequently requested features in modern security solutions. Over half (59 percent) identified proactive threat/misuse detection or automated orchestration to streamline their incident response processes as a top goal.

Bill Burns is an executive-in-residence at Scale Venture Partners. Elden Nelson is the editor-in-chief at Wisegate.
