Yoran Sirkis is CEO and cofounder of Seemplicity—a risk reduction and productivity platform for modern security teams.
getty
Companies are undergoing digital transformation in an effort to implement the most efficient tech-based approaches to streamline and turbocharge their businesses. Although these technological overhauls may help businesses gain a competitive edge, they also have a downside: multiplying the openings for cyberattacks.
Cyberattacks are on the rise. 2021 saw a 31% increase in attacks per company when compared to 2020, so it is no surprise that a recent Gartner survey revealed that 88% of Boards of Directors see cyber threats as an acute business risk, signaling a growing role for the chief information security officer, or CISO.
Traditionally, a CISO has been reactive, fending off threats as they arise, but this has had to evolve alongside the growing volume of vulnerabilities digitalization has spawned. Now, CISOs play a much more multifaceted role with additional responsibilities, including the need to broadly understand a growing gamut of security risks, communicate complex technical issues to non-technical board members and executives, develop business-oriented security tools and coordinate with multiple teams (DevOps, developers, IT, operations).
Not only does this pose cross-organizational challenges, but it often spreads CISOs too thin, giving rise to poor work-life balance and burnout. Ironically, instead of their value increasing alongside the expansion of their roles, CISOs are often becoming less efficient as tasks overwhelm them. Additional research from Gartner reveals that only 12% of CISOs can effectively execute all areas of their responsibilities.
That is why there is much today’s CISOs can learn from today’s yoga masters, including lessons around flexibility, strength and equanimity.
Downward Dog - Stretching Down
As digitization skyrockets across all industries, security teams are required to run a variety of often siloed security tools to monitor their companies' growing attack surface—a chaotic workload that's challenging for even the most seasoned of CISOs.
CISOs must therefore make proactive efforts to aggregate and organize their remediation protocols to efficiently manage down, establishing an unobstructed and centralized view of their security hygiene to best protect their company’s assets. This increased visibility promotes expeditious responses to issues that may otherwise go unnoticed.
Upward Salute - Stretching Up
Just as important as refining a bird’s eye view into the company is apprising upper management with data-driven insights in easy-to-understand language to inform key business decisions. By keeping an open line of communication between CISOs and company executives, remediation of security weaknesses can be more accurately tracked and remedied, streamlining workflows as well as alleviating workloads.
Warrior Pose - Stretching Across
A lot relies on a CISO’s singular capacity to ensure their organization’s security across all departments, including R&D, IT, DevOps teams and even HR, legal and marketing.
But it doesn’t have to be this way. CISOs need to empower non-cybersecurity staff to weave non-disruptive security measures into their tasks, which will enable CISOs to offload considerable work.
A CISO can bolster their company’s security by cultivating a forward-looking talent strategy that educates security staff on business competencies. This eliminates inter-departmental miscommunication and opens the opportunity to establish department-specific goals and metrics in close cooperation with key players from departments across the company.
Savasana - Conclusion
To accomplish all of the above, CISOs need to step up from their supportive, technical-bound roles into more active leadership positions. As such, a CISO can dictate the best company-wide actions that prioritize their organization’s ability to operate efficiently against waves of malicious attacks and attempted breaches. CISOs should also act as the tech experts they are, finding and utilizing technologies that unify, organize and uncomplicate their remediation processes.
CISOs have a unique opportunity to help fulfill the essential business goals of their companies as digitalization becomes a prominent staple of the modern workplace. Much like the key to yoga is living in the moment, the key to a CISO’s success is preparing in the here and now for the possibilities of the future.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
