Most Fortune 500 companies have a position called Chief Information Security Officer (“CISO”). Wikipedia defines the CISO as “the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.”
In my experience, the CISO reports to the CEO (less frequently to the CIO) and often has direct communication with the Board. Fortune 500 Boards are worried that they do not fully understand the risk of cybersecurity or the plan to mitigate that risk. A breach against their company can result in a loss of billions in market capitalization in a short period.
What do you do if you are not a Fortune 500 company? Are you worried about your state of cybersecurity readiness? How do you secure the knowledge of a person who has a cybersecurity background, who can dive into your business to understand the risk and capability gap, and can help you invest in the right tool(s) to close that gap?
While many of us have IT staff, we do not have the need (or budget) for a full-time security czar. In these cases, I recommend exploring a virtual CISO; a person who spends a few hours per week might be all you need to assess your current state and assist the technology people you already have in effectively managing cybersecurity risk. Like you may do with many other highly technical roles, you can “rent” a virtual CISO as much as you need.
You will recall in our recent Cybersecurity webinar, Axis Technologies CEO George Bower and I discussed the threat landscape, cybersecurity frameworks, tools, and policies you should have in place. Notably, a virtual CISO is one of Axis Technologies’ service offerings. The upside is they can quickly help you assess your specific risk from cybercrime and develop a plan to mitigate it appropriately, covering things like:
- Developing information security policies
- Education and monitoring of compliance by your team
- Tools such as single sign-on (SSO) and multi-factor authentication (MFA)
- Even better are AI-enabled tools that run in the background, checking every email that arrives (Dark Trace is a leading example)
It’s Q4 and most companies are in the planning and budgeting process for 2021. If you have not already assessed your cybersecurity risk and strategy, you should do so now. You need enough information to make informed decisions about your companies exposure to cybersecurity attacks, then you can plan your budget accordingly.
Let me know if I, or any of the partners at BKM Sowan Horan, can help.