For some threat actors, Halloween stays all year round.
Despite the CISO’s tireless efforts in implementing policies, battling for adequate budget allocation, and dodging the looming threat of cyber incidents, the challenge is an ever-evolving puzzle. So, as we step into this relentless ‘cyber haunted house,’ the hunt for vulnerabilities begins anew.
Supply Chains to Hell
A CISO can implement superb cyber strategies, deploy the most advanced tools, and have a team of superstars who regularly educate the entire staff on cyber-awareness. None of this is worth anything if one of the service providers connected to their network does not apply the same security hygiene. Malicious actors will do their best to penetrate peer contractors' systems, vendors, suppliers, or other service providers via the weakest links in the chain.
Supply chain (or third-party) breaches are a common corridor into connected networks. In many cases, a company must be connected to other vendors or service providers to operate smoothly. This leaves CISOs helpless and powerless, as on many occasions they cannot do much to protect against a partner's poor cyber posture. In other cases, a company's data stored at an external remote site can be a target for leakage and harm.
Keeping the company protected from cyber threats is a team effort.
While the CISO is the head of the system, security-wise, he has broad responsibilities not only for his own and his team's job but for the entire staff and the external entities connected to the company network. Undisciplined, uneducated, and unaware employees are the main cause of cyber incidents in the organization.
Funny enough (and despite the stigma of technophobic senior staff), much research indicates that it’s the young employees who are liable for the majority of cyber events. Their single point of failure is the result of poor cyber-hygiene and can occur in many ways such as using weak passwords, sharing the same password over multiple devices, sharing work equipment with friends or family, or even clicking on suspicious URLs over unvetted emails.
According to HelpNetSecurity research, Millennial and Gen Z office workers are more than twice as likely to have unsafe cybersecurity habits, such as reusing passwords between home and across multiple devices and logins.
All sections above addressed the CISOs' worst nightmares: challenges they must overcome to fulfill their job. Sadly enough, no one talks about the true fear factor lurking in the dark: the fear of letting yourself down, letting your staff down, leaving your workplace exposed, and eventually losing your job. For CISOs, the margin of error is very limited, and forgiveness is rarely given. No wonder, then, that CISOs suffer from an ongoing and tremendous level of anxiety.
In 2023, the World Economic Forum for the first time ranked cybercrime and cybersecurity among the top ten global risks, over both a 2-year and a 10-year period. According to ZDNET research, the average tenure of a CISO at a company is just 26 months. Drilling down into the reasons for that short period, ZDNET found that in most cases it is related to a high level of stress, tension, and burnout in the workplace. A vast majority of interviewed CISO executives (88%) report high levels of stress, causing physical and related mental health complications.
It is scary to be a CISO. There are many spooky things to be aware of, but with enough courage, knowledge, and some luck, rest assured you’ll live to treat another day.