Welcome everyone to the 4th installment of the ThreatConnect Podcast’s 5-part CISO Challenge series (view on Spotify). For those who are just now joining us on this journey, we are asking chief information security officers to dig into the new strategic technological approaches required for cybersecurity to start addressing 5 critical challenges that are directly related to business outcomes.
Those challenges include:
- The increasing sophistication of cyberattacks and cyber adversaries
- The widening cybersecurity skills gap
- A lack of intelligence and operational information sharing
- Underinvestment and lack of business buy-in
- The inability to assess, communicate and manage the financial impact of cyber events – and thus the business risk to the organization
Helping us understand how CISOs need to think about each of these challenges is Eric Kaasenbrood, CISO of Unit4 – a global enterprise cloud application developer.
Unit4 serves more than 6,000 customers globally, including Bravida, Havas, Migros Aare, Americares, Save the Children International, Action against Hunger, Metro Vancouver, Forest Research, Southampton City Council, Habitat for Humanity, Selkirk College, FTI Consulting, and Surrey County Council.
This podcast series explores why CISOs must adjust to the business challenges facing cybersecurity.
There is a tendency in the cybersecurity industry to conflate tactical changes in the threat landscape with structural and strategic imperatives that are fundamentally altering the role and responsibilities of Chief Information Security Officers. Today’s CISOs must do more than protect systems and data from the latest threats; they must become business enablers and champions of risk-based security programs.
Bridging the gap between cybersecurity and the business, however, remains an aspirational goal for many who struggle to understand where to begin. At ThreatConnect, we believe the first step in tackling each of the challenges we’ve explored starts with understanding the strategic advantages of shifting to a risk-led security program. Without understanding that risk is a business issue, not a technical issue, CISOs will likely not focus their resources on the right things.