Chief Information Security Officer

It Is Time for a Chief Information Security Officer at the Top Table

Cyberattacks are becoming a major issue within our modern world. Data breaches and malware threaten the security of a company and it’s customers, yet most businesses remain ill-prepared and unable to deal with cyber attacks that may occur. The age-old idea that “prevention is better than cure” seems to be forgotten when it comes to cybersecurity, and many companies choose to take reactive rather than preventative measures. However, as the rewards for successful cyber attacks become more lucrative, it becomes imperative that companies protect against such attacks.

But how do you go about protecting your business? How do you convert a simple firewall into a complex cyber security system that can both monitor and prevent attacks from occurring? And who exactly in the organisation coordinates all the cyber security?

Fraud and cybercrime, on a global level, is costing €3.7 trillion annually.
Chief Information Security Officer

The Chief Information Security Officer, CISO.

Well, that’s where a Chief Information Security Officer, or CISO, comes in. A CISO is somebody who is assigned the task of dealing with ensuring that all company operations, from internal communication to interactions with customers are as secure as possible. 

But if you haven’t even heard the acronym CISO before, let alone the role that accompanies it, don’t fret. The idea of a CISO is relatively new and, thus far, it has mainly been large corporations that have invested in one. A few years ago the role of CISO did not exist, simply because there was no need for one. Cyber security and its various counterparts fell under the IT department’s remit, however, with cybercrime on the rise, it is becoming increasingly important that companies take security, and more specifically cybersecurity, more seriously. With the downtime cost of a malware attack averaged at 50 days (source: Accenture), appointing a CISO is not a luxury but a necessity.

Simply put, the threat that cyberattacks pose is now too complex and multifaceted for any organisation to function without a CISO. A data breach or cyberattack can close your business for days if not weeks. And, to make matters worse, recent legislation requires that all data breaches be immediately and comprehensively reported to the Data Protection Commission. This means that cyberattacks can have a significant impact on your reputation and lead to significant fines and possible prosecution. 

Cybercrime is Becoming More Prevalent

But what if this surge of cybercrime dies down over the next few months? Who can guarantee that it is here to stay? There are two core reasons why cybercrime is becoming more prevalent. The first can be attributed to the rapid growth of public platforms over the past few years. Today most businesses have Facebook, Instagram, Linked-In and a myriad of other social media accounts as well as using cloud-based solutions such as Microsoft™ Office and Google Docs. As more businesses move towards these cloud-based platforms the real estate for hackers and cybercriminals is becoming much smaller. In the past, when information was spread over hundreds of platforms, breaking into one gave access to a limited amount of information. Nowadays, if an attack is successfully carried out on one of the large platforms we rely on, millions of people’s data will be at risk. Just look at the impact that an attack on Yahoo!™ had. With less real estate comes more concentrated attacks on the platforms we rely on most. 

The second reason is intrinsically linked with the first; an increase in social media users has led to an increase in the amount of personal information available to hackers and cybercriminals. Spear phishing attacks, where people are individually targeted, are becoming increasingly common and allow hackers, who can locate vulnerable employees, an easy access route into your business. Without effective measures in place, it is very challenging for companies to rest assured their data and their businesses are protected. 

victims of cybercrime

Why have a Separation of Responsibility?

n the past, cybersecurity was the responsibility of the IT department in a company. So, why when training your IT department is more cost-effective, should a company invest in a CISO? Well, while it is imperative that your IT department is cybersecurity aware, cybercrime is becoming such an issue that it needs to be somebody’s daily job to proactively police security in any business. Security is as integral to the functioning of a business, as sales or marketing are, and can no longer be overlooked and underestimated. The role of a CISO is as important as that of a CTO or CFO and, consequently, they need to be also sitting beside them at the top table.

The Solution – A Virtual CISO, VCISO.

Although the role of a CISO is crucial to the success of a business, we do recognise the high cost that appointing a CISO involves. Consequently, we have developed a service that allows businesses to employ a virtual CISO. A VCISO carries out the same role as a traditionally appointed CISO, however at a much lower cost. The benefits of this make it a worthwhile consideration for all companies that value cybersecurity. Not only does a VCISO reduce costs but they allow flexible working times and days to suit your company’s needs. A VCISO brings results and ensures that all operations are running smoothly without placing pressure on company finances. It is the ideal way to improve your company’s cybersecurity and reduce vulnerability to attacks.

Summary

It is abundantly clear that with cybercrime on the rise, and your company’s profits and reputation on the line, that cybersecurity needs to be taken more seriously. It is essential that companies have a CISO at the top table because without one your company is vulnerable to attack. The cost of a cyberattack is too great to be overlooked. In the words of Stephane Nappo, Global Head of Information Security for Société Générale International Banking and Finance Services, “It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.”