You Are Not Alone. Why It’s Critical for CISOs to Collaborate, and How.
Updated: Sep 12, 2019
“I am alone. I am utterly alone. By the time you read this, I will be gone having jumped plummeted off the Winter River Bridge.” In Winona Ryder’s dramatic note in 1988’s Beetlejuice, her character Lydia unwittingly articulated the loneliness many cybersecurity leaders feel when it comes to managing risk.
5 Reasons Why it's Critical for CISOs to Collaborate
Ever wonder why being a CISO is the toughest job on the planet (sorry, Bering Sea crab fishermen, CISOs have it worse)? Consider the following:
1. Every 39 seconds there is a successful cyber-attack on devices connected to the internet (University of MD).
2. It is estimated there will be 125 billion IoT devices connected to the internet by 2030 (IHS Markit).
3. There are 3,809,448 records stolen by breaches every day - that is 158,727 per hour, 2,645 per minute, and 44 every second (Cybersecurity Ventures).
4. The cost of cybercrime will exceed $8 trillion by end of 2022 (Juniper Research).
5. 65% of cyber-attacks are aimed at small and medium-sized businesses (Cybint).
The net sum is that the swarm of bad guys is working together and has gained the superior balance of power to successfully attack us, while the unfortunate CISO has to stand their ground as an army of one. Even if a CISO does have a team, when it comes to the sensitivities of their organization’s exposure and risk, it is often precarious for a CISO to seek outside advice. That being the case, who does a CISO turn to when they face an attack they haven’t seen before, or when a new 3,000-page regulation is enacted and they need to know if they are vulnerable to potential penalties and fines, or, coming soon to a law near you, criminal conviction and jail time?
The answer is unequivocal. CISOs must work together and collaborate on solutions that help protect their companies and their communities. It is our social responsibility as CISOs to protect those who cannot protect themselves, so we need to demand the ability to communicate privately with other experts. Without CISOs working together, we are destined for defeat. Conclusion: join a reputable CISO peer-to-peer network and get active in the organization.
3 Tips on Deciding what Network to Join
Here are three considerations to make when deciding to join a peer-to-peer network:
Is the group free of biased influence from outside parties? Does it accept sponsorship fees from vendors or partners? CISOs, you will want to make sure members are not being pressured to use a sponsoring vendor’s solution, etc.
Does the group have a membership agreement that protects intellectual property and ensures non-disclosure of information for all members and contributors? The last thing a CISO wants is for their IP and information to leak out to the public.
Who is running the group? Are they actual cybersecurity leaders, or corporate suits who don’t understand the industry or the challenges a CISO faces? This is important. You will want guarantees that the discussions and content are focused on what you need, not what the ivory tower wants to promote.