CISOs Are Under Mounting Pressure

A number of companies are adopting the role of Chief Information Security Officer (CISO) to address growing cyber security threats. The CISO position, when performed well, represents a unique opportunity for technology professionals to better align IT with the business — and propel themselves into increasingly strategic positions.

But the role of the CISO is “not for the fainthearted,” according to David Jordan, chief information security officer of Arlington County, Va., as recently quoted in The New York Times.

He’s right. CISOs are exposed to big risks — and equally big blame. That puts them under tremendous pressure. Their job tenures are short — often as little as two years, according to the Ponemon Institute. And they’ve been relying on security products that are not only difficult to test, but also often ineffective. That’s hardly a formula for CISO success.

Compounding the situation is a growing CISO talent shortage. The situation is bad enough that Nike Inc. allegedly tried to poach MasterCard’s CISO. That’s according to a lawsuit MasterCard has filed against the sportswear maker, seeking $5 million in damages and a ruling that would bar Nike from soliciting its employees.

CISOs also face a bewildering array of cyber security products, many of which are difficult to test. CISOs know that these products, even when tested, are constantly being challenged by hackers and other cyber-thieves racing to keep one step ahead. What’s more, coordinated attacks by the bad guys can evade even the best-of-breed discrete security products.

Recent, well-publicized data breaches at Sony, Target, Apple, Yahoo and others have transformed the perception of information security. It’s no longer simply an IT issue. Security is now viewed as a vital challenge for the entire company.

That also means that CISOs, many of whom report to their CEOs, now have a good reason for working more closely with business-line managers. Business managers need security policies, but they also need to understand their new, specific risks — as well as what they can do to protect their systems and data. CISOs willing and able to play a new advisory and communication role can help.

But CISOs need some help themselves. The smart ones are turning to a new way of thinking about cybersecurity protection: Security as a Service. It’s a managed, unified solution that leverages the power of both machine learning and expert human intelligence. Like other cloud-based solutions, Security as a Service also offers powerful benefits that include greater scalability and speed; flexible pay-for-use pricing; and a shift from capital-expense to operating-expense spending.

Masergy’s Unified Enterprise Security supports public clouds, private clouds and hybrid clouds alike. It can integrate with and support existing security systems, complementing them to detect and protect against even the most sophisticated cyberattacks. And “unified” means just that: The Masergy solution integrates 10 solution areas, including network behavioral analysis, intrusion detection and prevention, managed firewall, and network-access policy monitoring.

Masergy also offers certified experts who can assess your compliance efforts, test your network and app vulnerabilities, and implement best practices. They effectively become an extension of your own security team. For CISOs under pressure, that’s a welcome relief.

About Craig D' Abreo

VP, Security Operations, Masergy
Craig oversees the Managed Security, Threat Intelligence and Security Professional Services departments at Masergy. He is responsible for Masergy’s proactive enterprise cybersecurity threat management and operations program. Craig holds a bachelor’s degree in Computer Science and an MBA in Information Security. He is a Certified Information Systems Security Professional (CISSP) with over a decade of experience in the security industry and holds various network security certifications. He has written on various security blogs, spoken on a range of industry panels and is a recognized thought leader in the cybersecurity space.