#HowTo: Become an Enabler for Change as a CISO


Increasingly, CISOs tasked with protecting their organizations from security threats must also be agents of change, implementing the tools and strategies needed to help their organizations grow safely.  

The unparalleled security risks of today’s vast digital landscape mean that CISOs face astronomical pressure when balancing critical business functions with value-driven change. New vulnerabilities, malware and attack tactics are continually emerging. Serious crises can arrive like a bolt from the blue at an exponential cost.

Recent research commissioned by BlackFog found that many CISOs struggle to find the time and resources to keep up with all these challenges. As a result, a third (32%) of CISOs are even considering leaving their position.

So how can CISOs overcome the challenge of limited time and resources to match the latest threats, develop skills and serve as enablers for change in their organization?

No Time for Knowledge and Skills Development 

As senior leaders, CISOs are responsible for their own knowledge and skill development as well as for their security teams. However, most struggle to find the time for effective development amid other responsibilities. Over half (54%) felt they couldn’t keep up with the latest security solutions. 

Another pressing concern was ensuring their teams could keep up with the skills needed to comply with the latest frameworks and models. Alongside this, most respondents felt pressure to keep their skills current and form a proper understanding of operating models such as zero trust. 

Keeping up with the latest cyber solutions was another common challenge, particularly regarding pioneering new technologies and approaches. Just under half (43%) found keeping pace with the latest market innovations challenging.

Without time to investigate new technologies and strategies, an overwhelming three-quarters of security leaders said they were more likely to go for tried and tested approaches. This means many firms are missing out on new solutions which could deliver better protection or reduced costs.

The Impact of Falling Behind 

The lack of scope in terms of personal development and innovation means that senior leaders can become stuck relying on outdated skills and knowledge, overseeing antiquated tools and processes. A severe breach is likely imminent in this scenario.

Now, more than ever, CISOs must anticipate the next security threats. This means prioritizing time to keep pace with new frameworks, emerging trends and the latest technological innovations, as well as new threats like double and triple extortion. 

Finite resources mean that CISOs need to ‘think smart’ – innovation is essential if they are to be genuine agents of change.

So how can this be achieved? 

What CISOs and Their Organizations Can Do

The CISO’s role must be focused on continuous learning to keep skills and knowledge fresh, not only focusing on immediate security challenges but also keeping one eye on the horizon to anticipate how these threats might evolve. Otherwise, they can’t bring forward creative solutions and strategies that effect fundamental transformation for their organization.

To enable this, business leaders must ensure their security teams are given the time and resources to keep pace with the latest approaches, frameworks and innovations designed to lower their cyber risk and give CISOs a better chance of looking at the bigger picture.

The answer to easing some of the burdens on security leaders’ time may be closer to home and could prove beneficial as the cyber skills crisis worsens. Collectively, the team can play a part in innovation. By tapping into skills from within their own team, rather than searching for new outsider talent, leaders could unlock the ‘secret weapon’ that frees their time to focus on pressing, strategic areas. Research suggests internal teams may be an overlooked resource: the overwhelming majority (85%) of respondents believe their security team could benefit from more effective strategies for hiring from within and upskilling.

Finally, CISOs must consider new ways to address problems by prioritizing tools that offer a genuinely innovative approach to their most significant security challenges. It’s about making intelligent choices which best use their budget to maximize success.

Innovation is Vital to a Secure Future 

Nearly half of CISOs told us that their favorite thing about the role was being a protector and problem solver. With more efficient, automated processes behind them, they will have the time and mental energy to fulfil this role, keeping up with a dynamic and fast-changing threat landscape without burning the candle at both ends. 

Security is about more than protection, too. It’s about enabling businesses to stay competitive and agile to embrace new services and technologies without compromising security. CISOs reaching their full potential as agents of change can help keep their business safe while also helping it develop and grow. 
