4 questions all CISOs should ask themselves

Feb. 18, 2020
Are CISOs getting it totally right when it comes to security?

Being a CISO of a Fortune 1000 company is no easy feat. When it comes to the security of the organization, the buck stops with them. And the bigger the organization is, the harder it is to stay on top of every potential threat, at every moment of every day. Within the past several years alone, it has become clear that, of all areas of responsibility, cybersecurity is one that has zero tolerance for error. Anything less than perfect performance can eventually lead to severe consequences.

But while many leaders today might still believe that the best way to protect their assets is by managing solutions in-house, this can increase their overall security risks. In-house security management used to be a safer and more cost-effective option. Today, it can result in larger and more detrimental mistakes. Whether through incorrect configurations, overlooked holes in current security methods, unpatched vulnerabilities, or any amount of human error, security management can become a huge thorn in a CISO’s side.

For leaders to ensure airtight security in 2020 and beyond, it’s important they first ask themselves the following four questions to create the strategy that best suits their organization.

1. Am I truly able to dedicate the time? There can sometimes be a “set it and forget it” mentality for security solutions post-deployment. This mindset doesn’t work for CISOs today; instead, solutions must be kept up to date with any new and necessary rules and ACLs. A CISO is tasked with managing so many different aspects of an organization that the ability to dedicate the proper time needed to manage these security aspects should be a top priority. If it isn’t, an outside partner might be the best way to be successful in identifying and eliminating threats.

2. Is my team able to manage our security solutions? In addition to evaluating a CISO’s time, the rest of the team should also be considered. Will they be able to successfully administer security solutions? Again, if a team is not on top of them 24/7, there is a high chance that there will be more errors and greater opportunities for malicious attacks. So, if there is any doubt about a team’s capabilities, a CISO may want to consider a solution provider that can offer an external management service to handle the solution instead. This, in turn, expands the team’s resources and can help save time and money, effectively mitigating serious threats.

3. Am I aware of current hacks and potential threats? Threat actors are becoming more intelligent, sophisticated, and powerful by the day. CISOs, therefore, need to be well versed in all vulnerabilities, new threats, weaknesses in their security solutions, and updates within the current (and complicated) landscape. If they’re doing the bare minimum, relying only on their security solution to remain safe, this can end poorly. Instead, it’s important to leverage resources such as reputable news sites, relevant blogs, and industry thought leadership, and to attend informative events with other security professionals to help stay educated and aware.

4. Am I spending too much money? While some CISOs believe that good protection requires spending a lot of money on a high-powered security solution, many of the expensive technology platforms are not always 100% effective. Even the best solutions might falter if they are not properly managed. This means it’s important to evaluate solutions and determine their cost, effectiveness, and alternative ways to manage them if necessary.

The landscape today is growing increasingly complex, with new kinds of security risks emerging every day. For some CISOs, managing security solutions in-house might be the best approach. But for others, it can ultimately expose companies (and their customers’ data) to malicious actors and threaten their reputation and business results. It’s important now more than ever to consider these questions in order to create the right strategy that will help mitigate and eliminate these risks.

About the Author: Eyal Hayardeny is the CEO and co-founder of Reblaze. Prior to Reblaze, Eyal was the President and CEO of Shamir Optical Industry, a dual-listed company traded on the Tel Aviv Stock Exchange and the Nasdaq Stock Exchange. Hayardeny is also a board member of Mercantile Discount Bank Ltd. and is the owner and chairman of Lardan Group, which holds several companies in different fields. Hayardeny holds an MBA degree and a BA degree in Economics and Accounting from Bar Ilan University.