
CISOs face cyber security 'solution overload' challenges

29 Jun 2016

The Institute for Critical Infrastructure Technology's latest report, CISO Solution Fatigue - Overcoming the Challenges of Cybersecurity Solution Overload, suggests that solution overload is plaguing organisations that are finding it difficult to identify and manage not only the cyber threats, but also the strategies and solutions needed to make their roles more effective.

The report highlights the importance of the chief information security officer (CISO), citing that 54% of organisations have created the role, but CISOs must manoeuvre through difficult tasks such as balancing risk and operations and making security decisions based on organisational assets.

CISOs must also adapt quickly to change in an era where threats evolve more quickly than the security systems built to stop them. As a result, CISOs face pressure from their employers and from 'cyber-adversaries' through too much information, too many solutions and too many communication problems.

The report suggests that the solution overload issues can be solved by first ignoring the hype about a particular solution and concentrating on solutions rather than the companies or products, as CISOs must "separate fact from fiction and make responsible decisions".

Organisational needs are also a complex minefield of issues, particularly in emerging technologies and BYOD trends. The report says that CISOs must be aware of both internal and external threats, and act accordingly, which may mean using vendor solutions for BYOD, cloud computing and IoT management. CISOs should trust reputable vendors, knowing that they can't control or monitor every threat themselves. Endpoint solutions should be considered to help CISOs manage the workload.

"The CISO should base their choice of a cloud security solution on the capabilities of the entire security platform and its interactions with other services instead of on the efficiency of a single security feature. Long-term decisions can be made by researching how quickly new features are sent to market and how much those features disrupt the market," the report says.

Communication across the organisation is another issue addressed in the report, as it is arguably the most important and exhausting CISO responsibility: CISOs must justify their ideas and solutions to committees for budgetary decisions. If the CISO controls the budget, they alone are responsible for championing a particular solution.

In conjunction with stakeholders and boards, risk solutions must often be decided on the basis of technological gaps and risk tolerances. The report suggests metrics as a way to manage decision-making processes.

Return on investment in part comprises the monetary values associated with cyber attacks, ransomware and phishing emails. The report suggests that CISOs can calculate ROI based on the costs of breaches, fines, notification costs and other related expenses. The likelihood of future attacks should be included to calculate a risk value, keeping in mind that threat landscapes change rapidly and often aggressively.

The report concludes by stating that CISOs are critical in cyber security defences. Their expertise can reduce breach success rates by more than 50%. As such, the perils and challenges that come with the role can be overwhelming in the face of information overload and solution overload. Ultimately, the report states that a competent and capable CISO is able to identify the best solution for their organisation.

Read the report here.
