Board Risks, Selling Lemons, & 4 Critical Strategies – BSW #193

Cybersecurity Collaborative and its parent company, CyberRisk Alliance, announced a $1 million fund to help organizations whose cybersecurity resources have been affected by the pandemic join the alliance. The fund includes a limited number of complimentary memberships for academic and public sector organizations and makes grants available to commercial sector organizations to subsidize 50% of first year membership dues in the Cybersecurity Collaborative. The pandemic has brought new information security threats to organizations of all sizes, at the same time as economic conditions have constrained budgets in technology and cybersecurity areas. The Cyber Resiliency Fund is intended to help companies access immediate cybersecurity resources and tools that address top priorities such as ransomware, phishing and securing work-from-home environments.

Here are the top strategic trends for 2021: 1. Internet of behaviors (IoB) 2. Total experience (TX) 3. Privacy-enhancing computation 4. Distributed cloud 5. Anywhere operations 6. Cybersecurity mesh 7. Intelligent composable business 8. AI engineering 9. Hyperautomation

Here are four strategies laid out by Gartner's CIO Agenda for 2021: 1. Win differently 2. Unleash force multipliers 3. Banish drag 4. Redirect resources

There are arguably two prominent problems with cybersecurity governance – the misrepresentation of cybersecurity risk at c-suite and board of director levels and the underrepresentation of women in the industrty. One such misconception is that information technology (“IT”) is synonymous with cybersecurity. Their priorities, skills needed, and responsibilities are different, and many times compete. IT is concerned with the functionality of hardware, software, and the network. Conversely, cybersecurity addresses the security of digital information. IT establishes controls versus monitoring of the controls to ensure they work as intended by cybersecurity. IT training is centered around new hardware, software, and solutions compared to cybersecurity training encompassing staying up to date on new threats, developments, and risks that are constantly emerging.

Based on over 100 comprehensive interviews with business and cybersecurity leaders from large enterprises, together with vendors, assessment organizations, government agencies, industry associations and regulators, Debate Security’s research shines a light on why technology vendors are not incentivized to deliver products that are more effective at reducing cyber risk. Read the report: https://www.debatesecurity.com/cybersecurity-technology-efficacy-is-cybersecurity-the-new-market-for-lemons/

Here are a few ways CISOs can directly address the top board-level security concerns to ensure the program gets the budget it needs to mature. 1. Start simple: where are the greatest risks and how are you reducing them? 2. Clearly communicate the level of protection 3. Analyze ROI on current security tool investments 4. Use these metrics to back up future investments 5. Map everything back to the bigger picture