Digital Risks Are Changing And CSOs Must Adapt

Uploaded on 2017-12-20 in NEWS-News Analysis, JOBS-Training, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Resilience

Picture this, a large organisation has been hacked, compromising the financial information of millions of people. 
News headlines detailing similar stories are now frequent, causing the job description of CSO to rapidly expand. In the past, the main responsibility of this role has been managing the physical security of an enterprise. 

But in today’s dominantly digital world, CSOs must expand their reach to not only monitor tangible risks, but also address the uninsured risks that live in the digital world.  

Digital risk continues to be a puzzling area for CSOs, but one that is only going to grow with time. 
In fact, the Gartner Digital Risk Management Hype Cycle recently found that less than five percent of enterprises are currently monitoring their digital risk.

With such a limited focus on digital risk, it is imperative that CSOs be proactive in addressing these vulnerabilities before they become larger enterprise issues. 

Two areas where CSOs should place their focus are cybersecurity around bring your own device (BYOD) policies and proper employee digital risk training. With a proper strategy in place to address these issues, CSOs can significantly alter their security landscape, ultimately protecting their company and reducing their digital risk exposure.

Bring Your Own Device
The acceptance of BYOD practices brings with them a bevy of digital risks, many of which are still being realised by CSOs. Traditionally, CSOs have focused on protecting the enterprise from hacks through their own systems, but the emergence of BYOD has extended these practices to include employee-owned devices. 

In leaving device selection up to the employees, security teams now find themselves having to account for wider technology platforms ranging from computers, cellphones and even tablets, each of which carry unique operating systems. To counter these practices, CSOs must serve as the first line of defense in establishing remediation strategies that protect employees and the enterprise from risks and breaches, no matter their device. In doing so, CSOs must understand the risks that these devices bring due to the nuances in their security protocols and employee usage.
 
Employee Education
Education is one of the best defenses against hackers. Many companies have security policies in place, but employees are not responsible for what they do not know. If employees undergo security training, enterprises can benefit from increased employee understanding of risks as well as help improve visibility into arising risks and appropriate remediation strategies.
In these training programs, employees should learn the signs of phishing emails, the importance of securing their devices when they aren’t using them and how to best set up passwords. 

This is also a good opportunity for the CSO to explain company policies with the employees. Such policies may include; how to report missing computers, how often passwords and security software should be updated and steps to take during a possible cyberattack.

CSOs must create an environment where employees know how to identify risks and inform appropriate parties when risk arise. This allows the enterprise to get ahead of the risk, helping minimise long-term damage.

Risk Management Starts with the C-suite
When it comes to enterprise security, C-suites should be vocal leaders on the importance of digital risk for the other employees to follow. A CEO who is very vocal about reducing digital risk will provide the leadership and employee buy-in that will resonate throughout the enterprise.

The role of a CSO will continue to evolve as the world of digital risk changes, so it is imperative that they take the time to understand where/how these risks arise as well as how to address them. With digital risk’s continual growth, now is the time for CSOs to act.

Security Magazine:   Image: AlphaStock / Nick Youngson

You Might Also Read: 

Cultural Strategies For Data Security (£):

BYOD Security Is Critical For Business:

Staff Training Is Important But Does Not Reduce Cyber Risk:

 

« Google To Open An AI Centre In Beijing
Russian Hackers Steal $10M From Banks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

CoSoSys Endpoint Protector

CoSoSys Endpoint Protector

Endpoint Protector by CoSoSys is an advanced all-in-one DLP solution for Windows, macOS, and Linux, that puts an end to unintentional data leaks and protects from malicious data theft.

Uniscon

Uniscon

Uniscon is a leading provider of cloud security solutions in Europe.

IT Security House

IT Security House

IT Security House is a leading European supplier of Cyber Security Intelligence and eCrime services.

Niksun

Niksun

Niksun's forensics-based cyber security and network performance monitoring products provide customers with actionable insight into security threats, performance issues, and compliance risks.

Versa Networks

Versa Networks

Versa is a software-defined networking vendor providing an end-to-end solution that both simplifies and secures the WAN/branch office network.

Upstream Security

Upstream Security

Upstream Security is the first cloud-based cyber-security solution that protects the technologies and applications of connected and autonomous vehicles.

Modux

Modux

Modux focus on a number of core competencies across cyber security including; cyber intelligence & analytics, penetration testing and training.

RUSCADASEC

RUSCADASEC

RUSCADASEC is an independent non-profit initiative on developing the open Russian-speaking international community of industrial cyber security/ICS/SCADA cyber security professionals.

AttackIQ

AttackIQ

AttackIQ delivers continuous validation of your enterprise security program so you can strengthen your security posture and your response capabilities.

NetNordic Group

NetNordic Group

NetNordic is a Nordic system integrator focusing on solutions and services in the area of networking, smart data centers, cybersecurity, and unified communication.

LogMeIn

LogMeIn

LogMeIn makes it possible for millions of people and businesses around the globe to do their best work simply and securely—on any device, from any location and at any time.

Revere Technologies

Revere Technologies

Revere Technologies is a pure-play cyber security solutions and services provider in Sub-Saharan Africa.

Zilla Security

Zilla Security

Zilla combines identity governance with cloud security to deliver comprehensive access visibility, reviews, lifecycle management, and policy-based security remediation.

Solvo

Solvo

Solvo enables security teams and other stakeholders to automatically uncover, prioritize, mitigate and remediate cloud infrastructure access risks.

CyberSec Vietnam

CyberSec Vietnam

The CyberSec Vietnam Conference on 13 June 2024 in Ho Chi Minh City focuses on the critical pursuit of building trust in digital networks and fortifying Vietnam's cybersecurity ecosystem.

SecureAck

SecureAck

From our A-Op SaaS automation platform to Managed Automation-as-a-Service (MAaaS), SecureAck offer powerful security automation the way that best suits your organisation's needs.