ALL FOR ONE, ONE FOR ALL


Information Security Executives Are Partnering with the Competition to Move the Needle on Security in 2016

One theme resonates consistently across all the CISOs we speak with: networking and information sharing are powering successful security programs. In fact, a PWC survey found that 82% of companies with high-performing security practices collaborate with others to achieve their goals. A similar industry survey reported that 56% of security professionals rely on peers at other companies for information exchange related to threats and security best practices. But what does that mean exactly? In hyper-competitive industries like financial services, retail and manufacturing, how do security professionals share and collaborate without losing competitive advantages?

THE FINANCIAL SERVICES INDUSTRY LEADS THE WAY
The Financial Services industry, long the standard-bearer for information security practices, leads the way in terms of formal industry associations and more informal networking. The Financial Services Information Sharing and Analysis Center (FS-ISAC) is the leading center for cyber threat and security incident reporting and sharing. In fact, the Retail Cyber Intelligence Sharing Center recently signed an agreement with FS-ISAC to duplicate FS-ISAC’s model and processes for the retail industry.

ISACs serve an important function in helping organizations identify threats and incidents on their own networks and respond to them more quickly with industry-proven methods. While membership in an ISAC is increasingly becoming standard practice for day-to-day security, other avenues provide the level of sharing and collaboration needed to elevate security teams from “in the trenches” operational programs to revenue-impacting, goal-supporting business.

More impactful than the threat reports and data sharing between financial services companies is the peer-to-peer collaboration among the group. In this issue of Feats of Strength we profile Kevin Hamel, CISO of COCC. Hamel belongs to the CISO Executive Network. Membership provides him with unfettered access to his peers, who are always only a phone call away and ready with solutions or suggestions to address the latest security issue.

The higher education market is also working more collaboratively to address security issues. Deborah Gelch, CIO at Lasell College in Massachusetts, says university security officers regularly collaborate via listservs sponsored by higher education associations like Educause. Gelch says, “The Financial Services industry really set the benchmark for effective information sharing, but in education this is our near future. We are often smaller organizations, so we need to be able to leverage each other for expertise and best practices.”

IN A RELATIVELY NEW INDUSTRY, SECURITY LEADERS SET THEIR OWN RULES OF ENGAGEMENT
According to K logix research, more than half of all CISOs are in the role for the first time. A 2014 survey from PWC showed that only 28% of organizations had a CISO. That means a large number of CISOs are filling roles that previously did not exist. This trend will only continue in 2016 as many more companies add the CISO position.

The relative newness of the role means the position is still being defined. That is likely a big reason CISOs turn to each other for advice and input, more so than other C-suite executives. Another reason is the nature of their business. While sales executives, for example, can easily identify their competitors and create counter-positions to defend against them, CISOs must navigate a maze of foes including cyber threat actors, hacktivists, rogue employees, and standard business risks. In addition, CISOs recognize that a more secure Internet will enable their company to compete more effectively. In a previous feature, Daniel Conroy, CISO of Synchrony Financial, said, “All financial services organizations need the Internet to be secure because we need consumers and businesses to feel safe about their private data. It is in the best interests of us all to share cyber threat information to maintain a safe and secure Internet experience for all businesses and consumers.” It is no wonder CISOs are far more likely to share openly and honestly with executives at otherwise competitive institutions.

OPPORTUNITIES TO ENGAGE YOUR PEERS
Jenna McAuley, the new CISO at Mercer, is also profiled in this issue of the magazine. She picks up her best advice and finds opportunities to mentor and to learn through the Women’s Executive Forum. Hamel says the CISO Executive Network is more valuable than any trade show or industry event. Others, like Conroy, made connections through FS-ISAC that led to personal relationships. More than 20 Boston-area CISOs participated in K logix’s CISO Summit to share best practices and ideas for elevating security in the boardroom and aligning security with strategic business goals.

All of these security leaders found associations and organizations that put them in the same room as security executives who shared their common interests – whether similarly sized organizations, in the same industry, or other attributes – and they are able and willing to share security-related information without risk of exposing trade secrets. Robert Duncan, a professor of Cybersecurity at Columbia, says that this level of information-sharing happens informally among the largest banks on Wall Street because they each see benefit in the exchange, and they are able to do so without exposing company secrets.
