After speaking in depth with our CISO community and the leaders we featured in this issue of the magazine, it became apparent that tackling threats is less about having the right technology in place and more about CISOs leading their organizations by instilling a strong security culture.
Leaders who establish strong security cultures are more protected and smarter, and they strengthen the entire organization against any potential threats. CISOs who establish these strong cultures do not work in silos; instead, they protect their organization in a stable, assertive manner. Many CISOs we speak to, both those we feature in the magazine and those who advise us, continue to share why and how building a security culture is at the forefront of their strategy.
Second to a strong security culture is having the right talent to support your goals, from both a strategic and tactical perspective. Time and again, CISOs tell us they are only as strong as their team members’ strengths – both as individuals and as a productive team working together on common goals.
We went deep with the CISOs interviewed and asked them a range of questions about their approaches to tackling threats. They shared with us how they organize their program in a strategic, yet enabling way, all while ensuring they continue to protect against the ongoing influx of threats. Many CISOs shared similar opinions about the top threats impacting their organizations, and the industry as a whole. We learned how many security leaders communicate the threat landscape to their executives in a business-minded way.
To recap some of the conversations we had with CISOs who helped put this issue together, here are some of the highlights from questions we asked them:
How do you stay on top of new threats? Most CISOs rely on a few sources including their peers, industry threat sharing sites, and products.
What is the biggest threat impacting your organization? The majority of CISOs we spoke with said phishing, and the more targeted spear phishing.
What is the biggest concern for insider threats? Many responded they are more concerned about the accidental employee versus the malicious employee.
How do you communicate threats to your executives? Today, security leaders are having proactive conversations about threats due to better alignment between business and security, and heightened awareness of the general public.
We learn even more about threats in our article with Erik Kamerling, lead information security consultant at K logix. Erik shares his extensive experience working with organizations all over the world battling phishing threats. He breaks down Business Email Compromises, phishing attacks with commonly disastrous financial consequences, and provides examples and actionable recommendations.
We always want to hear from our security community about their opinions on the topics we cover in the magazine. Please don’t hesitate to let us know what you think about this important issue.