The CISO’s role in mitigating risk

With the increasing number of threat vectors, a growing attack surface and a rise in cyber crime, the CISO’s role has never been more critical.

Johannesburg, 06 Oct 2021
Ali Sleiman, Technical Director MEA, Infoblox Threat Intelligence.

Although a relatively new position in the organisation, the chief information security officer (CISO) already faces many challenges. One is that there are often silos in the organisation’s operations, which make it difficult to prevent crucial information from falling through the cracks. Add to this the fact that cyber attacks are increasing in both frequency and complexity, along with the generally complicated nature of digital transformation, and it is no wonder the CISO’s role is so tough.

According to Ali Sleiman, Infoblox’s technical director for MEA, over the past few years, malicious breaches, advanced persistent threats (APT), ransomware, e-mail attacks and insider malpractice have made the news. The first thing a CISO needs to realise is that the question is not ‘will we be attacked?’, but rather, ‘how will we react when it happens?’ The responsibility falls on the CISO and the processes they put in place to remediate such incidents. The CISO’s main function is to eliminate as much risk as possible – by understanding how to prioritise commitments, what tools to use and how to solve and mitigate the risk by building an incremental organisational security posture and continuously improving the organisation’s security maturity.

“One of the biggest challenges facing the CISO is the siloed nature of many aspects of a business. There is a great need to eliminate architectures or applications that operate in silos, as this provides limited visibility, and thus makes it difficult to operate effectively in a digital world. Moreover, as organisations continue to have increased cloud deployment, this makes the CISO’s job even more challenging when it comes to addressing cyber security issues,” he says.

“The nature of the complexity they face is compounded by a shortage of skills in this area. This means it is vital that the CISO ensures the environment is kept simple enough that a vast array of different skillsets is not required to successfully mitigate security risks.”

It is for this reason, continues Sleiman, that it is critical for today’s CISO to have a solution that provides true visibility into the organisation’s security posture to maintain an appropriate governance, risk and compliance stance, whether using on-premises or cloud services.

“Having the ability to understand where an attack is coming from is the first line of defence. Once you know it is a threat, you can automatically aggregate the intelligence around this and immediately apply security policies to devices and systems, based on the nature of the attack you are witnessing by automating the remediation processes. This is key to helping the CISO overcome many of the critical challenges they face, both in terms of on-premises infrastructure and that which resides in the cloud.”

The cloud poses new difficulties, he continues, as it is a technology that is deployed rapidly – agility is one of its cornerstones – but such a move also opens up new surfaces and vectors for attack. “The CISO has to be able to address these increased risks in a scenario where previously defined security parameters no longer exist. With a much more complex environment to be overseen today, the need for a single pane of glass view has never been greater.”

Ultimately, adds Sleiman, it is all about the quality of intelligence received, since you can only react effectively if the data you are working from is of a superior calibre. He says it is necessary to be able to quickly recognise false positives versus actual attacks, which means having the tools that allow you to aggregate and correlate intelligence. Then, of course, with the scaling of multicloud environment deployments we are starting to see in some organisations, there is the issue of how to scale one’s security to match.

“Thus, simplifying and managing security policies is a crucial job for the CISO, as they need to be able to apply these across the business environment as easily as possible, and in a scalable manner,” he says.

“At the same time, the CISO must ensure adequate security training for employees, such as how to identify a threat, or how to avoid suspicious websites. With the rise of remote working, this has become an even greater challenge, thanks to a wider variety of devices and less secure home networks.”

Here, he adds, the CISO needs to consider carefully which security technologies to implement. Take, for example, end-point security, where cyber criminals can deploy multiple attack strategies and exploit different protocols like DNS, which is used over 90% of the time to infiltrate networks, with malicious intent either to disrupt communication or to steal data. These types of attacks cannot be ignored, and the CISO must address such threat vectors by deploying end-point DNS security and scaling the network security posture by sharing the intel gained with the rest of the organisation’s ecosystem, including the SIEM solution, to gain visibility over these types of attacks and easily identify the infected devices for faster remediation.

Today’s CISO must bring a variety of skillsets to the role and have good business acumen in addition to their technical knowledge base. They must strike a balance between the business and the constantly evolving security landscape across teams, thereby understanding the organisation’s strategy, managing stakeholders and deploying the right technology, ultimately building teams and solutions to ensure the organisation’s resiliency.
