CISOs, You Are Not Alone

Kathie Miley



“I am alone. I am utterly alone. By the time you read this, I will be gone having jumped plummeted off the Winter River Bridge.” In Winona Ryder’s dramatic note in 1988’s Beetlejuice, her character Lydia unwittingly articulated how many feel when it comes to managing cybersecurity.

Ever wonder why being a CISO is the toughest job on the planet (sorry Bering Sea crab fishermen, CISOs have it worse)? Consider the following:

  1. Every 39 seconds there is a successful cyber-attack on devices connected to the internet (University of MD).
  2. It is estimated there will be 125 billion IoT devices connected to the internet by 2030 (IHS Markit).
  3. There are 3,809,448 records stolen by breaches every day – that is 158,727 per hour, 2,645 per minute, and 44 every second (Cybersecurity Ventures).
  4. The cost of cybercrime will exceed $8 trillion by the end of 2022 (Juniper Research).
  5. 65% of cyber-attacks are aimed at small and medium-sized businesses (Cybint).

The net sum is that the horde of bad guys is working together and has a superior balance of power. The unfortunate CISO has to stand their ground as an “army of one”. Even if a CISO does have a large team, when it comes to the sensitivities of their organization’s exposure and risk, it is wise for a CISO to seek expert advice. That being the case, who does a CISO turn to when they need to know about a new attack, or when a new 3,000-page regulation is released and they need to know whether they are exposed to potential penalties or fines and, possibly, coming soon as a law near you, criminal conviction and jail time?

The answer is unequivocal. CISOs must work together and collaborate on solutions that help protect their companies and their communities. It is our social responsibility as CISOs to protect those who cannot protect themselves, so we need to demand the ability to communicate privately with our peers. Without CISOs working together, the world as we know it is destined for defeat. Conclusion – join a reputable CISO peer-to-peer network and get active in the organization.

Here are three considerations to make when deciding to join a peer-to-peer network:

  1. Is the group free of biases and influences from outside parties? Do they accept sponsorship fees from vendors or partners? CISOs, you will want to make sure members are not being pressured to use the sponsoring vendor’s solution, etc.
  2. Does the group have a membership agreement that protects intellectual property and non-disclosure of information for all members and contributors? The last thing a CISO wants is for their IP and information to leak out to the public.
  3. Who is running the group? Are they operators and cybersecurity leaders, or are they corporate suits who don’t understand the industry and the challenges CISOs face? This is important. You will want guarantees that all discussions and content are focused on what you need, not what the ivory tower wants to promote.