Put yourself in the shoes of a CISO for a moment. You will have to deal with challenges such as ensuring strategic alignment, complying with regulations, keeping an eye on emerging trends and technologies, creating a strong response and remediation plan, and managing data more efficiently while protecting your digital assets from cyberattacks. All of these might seem challenging in normal circumstances, but they are even more daunting when you are in the middle of a pandemic-induced recession.
With 2021 just around the corner, it is high time to set a New Year’s resolution and reflect on 2020. As a CISO, you must set your goals and priorities at the start of the year so that you stay focused and do not get distracted. More importantly, you should analyze your past year’s performance and find the key lessons you can learn from the mistakes you made, so you don’t repeat them in 2021.
In this article, you will learn about five New Year’s resolutions every CISO should have for 2021.
Cybersecurity, or information security, is considered an inhibitor that prevents businesses from growing and pursuing innovative ideas that can accelerate their growth. It is time for businesses to ditch that mindset and look at security as a business driver rather than a hurdle. For that to happen, CISOs will have to implement the security enablement process in the business. This will fully integrate information security into the business value chain. CISOs will have to understand better how their business generates revenue and look for ways to minimize costs.
With ISO 27701 already released and the NIST privacy framework about to come out, the data privacy landscape will change and businesses will take data privacy more seriously. Jason Lau, CISO of crypto.com, highlighted his New Year’s resolution by saying, “My resolution will be to develop a new strategy around information privacy and to have more coverage around data privacy in the form of a global privacy program.”
While sharing his own resolution, he said, “My resolution is to not only promote more awareness of data privacy but also to officially embed it into different processes within our organization. I believe in injecting different aspects of privacy — in the form of security and privacy impact assessments — early. The product design phase is critical for all organizations to promote privacy by design, privacy default.”
More CISOs will focus on the human side of information security. They will focus on identifying shortcomings in policies, loopholes, and missing protocols that will lead to data breaches and cybersecurity attacks. The casual attitude of employees towards cybersecurity will not only be discouraged but also penalized. Employees are no longer allowed to share passwords with their friends on pieces of paper, leave their work laptops anywhere they want, or use weak access protocols in buildings with proprietary equipment.
With the rise of application containerization and the growing popularity of microservices, businesses can scale and grow easily. This is a good thing, but there is another side to it that most people tend to ignore. It might be a great thing for business innovation, but it can give your cybersecurity team some sleepless nights. They will have so much to manage and control that they will get overwhelmed. That is why it is important to gain better visibility into systems and data.
Roger Hale, CISO at YL Ventures, said, “My approach is data access first. We are such a connected, data-centric world today that by following the access to data and who is acting on the data, as well as moving the data, we can build the mapping of data across on-prem, cloud, and mobile.”
Andreas Haugsnes, the security director at Unity Technologies, shares his New Year’s resolution: “My New Year’s resolution is to have the visibility and controls closer to the data and, if possible, embedded.” While highlighting the challenges CISOs might face, he said, “Challenges are brought to a new level of complexity trying to map where data exists, flows, or is computed at any given time.”
The pace at which businesses are moving these days is forcing them to adopt an agile approach. This means that you will also have to move fast to keep pace with them. CISOs will look to integrate cybersecurity into agile processes because it delivers a host of benefits such as:
Start by introducing more agile processes in your daily operations instead of suddenly imposing cybersecurity on agile processes. This will minimize redundancies and complacency. Automate mundane and repetitive tasks. This will help you bring the best out of every team member as they continue to polish their skills and grow their talents.
What is your New Year’s resolution as a CISO in 2021? Please share it with us in the comments section below.