Did you know that the first chief information security officer [CISO] was appointed in the 1990s? According to CNBC, the CISO role dates back to 1994, when Citigroup [Citi. Corp. Inc.] experienced a series of hacking attacks from a Russian hacker. Citibank created the first formal cybersecurity executive office role; today, chief information security officers are challenged like never before.
Let’s consider how this role has evolved over the years, and the skills a CISO needs to develop and focus on in 2020 and beyond.
The world has come a long way since the 1990s with regard to the Internet and information. With access to the web through new and innovative devices, being online today is more a necessity than a luxury. Both individuals and companies employ technology for several uses, ranging from critical to mundane and now even dangerous and treacherous activities. With the increase in technology and mobile devices, security is at risk not just from the outside, but also from within.
Verizon’s Data Breach Investigations Report, released in 2019, revealed that over 34% of data risk incidents took place from within an organization, with some industries experiencing higher levels of insider threats. The role of the chief information security officer has changed in response.
A new study conducted by the Wall Street Journal reported how CISOs are now emerging from CIOs’ shadows. In addition, Forrester survey data shows how CISOs are increasingly reporting directly to presidents and CEOs of companies rather than CIOs. Although it is not yet a widespread phenomenon, and the numbers in various data surveys may not be eye-popping, the shift is inevitable.
Now that we have begun the next decade, it is crucial to take a moment and reflect on the progress that companies and individuals have made so far when it comes to dealing with data security as a high-level concern. This is how the role of the CISO has evolved since it was introduced in the 1990s.
The spread of the Internet and security breaches
From smartphones to smartwatches, Internet of things and high-end devices, the spread of the Internet is all around us, and so is the threat of a security breach. In the early years of its development, technology such as dial-up Internet and phone scams were the areas of concern for most CISOs. Today, these dangers are overwhelmingly digital and in real time. They are also taking place simultaneously across all fronts. And with work becoming more swift and mobile, the four walls of an office and the network have almost disappeared. Today, company staff switch seamlessly between personal emails and business emails on their smartphones and computers. Organizations now store data on the cloud while USB devices accommodate gigabytes of data on devices as small as a thumbnail. And that’s not all; software today is instantly downloaded with the click of a button. The spread of Internet-connected devices and the rise of mobile and remote workplaces are no longer just trends: they’re here to stay and to accelerate.
Verizon’s mobile security index released in 2019 reports that over 30% of organizations experienced a security risk related to smartphones. The same report revealed that over 54% of companies were aware that their employees were the most substantial risk in mobile security.
With the rise of security threats happening across multiple channels with an unprecedented frequency and pace, the role of CISOs now involves creating an integrated security strategy and wide-ranging coverage to encompass every attack vector.
The threats from within
Although data security attacks come mainly from outside, new and emerging reports show that one third of data security incidents now involve internal players.
A company’s very own employees, its contractors and vendors are now perceived as a growing risk and referred to as insider threats. These can have severe implications on finances and result in unprecedented data loss outcomes, even if insider threat behaviour is not intentional. Today, every kind of company is experiencing insider cost incidents, and no organization is exempt from their reach.
This is why it is imperative for every CISO to consider creating a document security program that can help them to: prioritize contextual intelligence, balance data privacy and security, dig down into the root causes and eliminate risks before they take place. Every CISO must consider combining people, processes and technologies with security programs such as digital rights management to eliminate threats coming from within and outside.
The cost of data breaches
Ponemon Institute’s 2020 Cost of Insider Threat Report: Global shows that the overall cost of data breach incidents has risen to an astounding $11.45 million today. This is why the boardroom and directors must work closely with CISOs in building a security strategy that is tightly integrated with the company’s business strategy.
If organizations start to consider the expenses of data breaches and other security incidents, it is evident that IT security must be closely aligned and integrated with various business functions at every moment. For instance, the legal department of companies must have a pivotal role in laying down policies around data security threats such as insider threats, especially in building guidelines around monitoring users and complying with laws such as GDPR. By looping in human resource teams, adequate warnings can be given with regard to sensitive personnel events likely to lead to an insider threat.
Document security and digital rights management are crucial in deterring the threat posed by malicious persons. As we continue to evolve our businesses, we need to develop more secure and productive ways to manage our documents, data and information. You can easily protect your sensitive documents and files and close the door on piracy and data threats with digital rights management. DRM can protect documents from unauthorized access, sharing, copying, printing and edits. It can control where documents are used, by whom and when, and gives you full control over revoking access at any stage.