By Rob Rashotte
Vice president for Global Training & Technical Field Enablement at Fortinet
Part one of three
CISOs are facing a perfect storm when it comes to securing their networks. Cyber attacks are becoming increasingly sophisticated just as corporate networks are becoming more distributed and complex – all while security talent becomes harder to find and security strategy best practices evolve.
In the midst of this turmoil, CISOs are now forced to wrestle with how to prioritize the often-limited time and resources available to them to most effectively secure their networks.
This complex, multi-point challenge is explored in the Forbes Insights survey "Making Tough Choices: How CISOs Manage Escalating Threats and Limited Resources," conducted in association with Fortinet. Surveying more than 200 CISOs about their priorities, the report illuminates the challenges CISOs currently face, including a lack of security budget and the belief that the capabilities of cyber criminals are outpacing their network protection abilities.
The survey examines what contributes to these challenges and then explores ways CISOs can effectively address them. While the report outlines a number of actions CISOs can take, one of the clearest moves to improve their organization’s overall security posture is to prioritize employee training and create a proactive cybersecurity culture as part of their overall security strategy.
Cybersecurity Challenges at the Employee Level. According to findings from the report, 35% of CISOs cite the lack of a centralized cybersecurity strategy and the lack of support from senior management as top constraints to effective security. But when examining the reasons behind the lack of central strategy, many of the issues seem to start at the employee layer, among both IT employees and general employees across the various lines of business.
Skills Gap. First, CISOs are dealing with the effects of the ongoing cybersecurity skills gap.
According to the Center for Strategic and International Studies, 82% of employers claim that they are currently suffering from a shortage of cybersecurity professionals within their organization. This shortage has hindered their ability to develop a more strategic approach to their cybersecurity programs, as well as their ability to keep pace with new threats.
Because the skills shortage prevents IT and security teams from shifting away from their threat-prevention-based security strategy to one focused on detection and response, their security teams end up staying focused on tasks aimed at preventing existing threats, rather than using threat intelligence and advanced tools to identify and respond to unknown vulnerabilities and zero-days. (Part two next week)