Which aspects of security do you think CISOs need to focus on this year?
Subhalakshmi Ganapathy, product evangelist, ManageEngine
CISOs should focus on investing in integrated security systems that identify threats in real time, have analytical capability for providing swift response, combat insider attacks, ensure accountability in resolving security incidents, and seamlessly communicate with IT operations for better analysis. They should also focus on AI-powered cybersecurity to combat sophisticated attacks. They must see value in investing in explainable AI technologies, protecting AI training data and the ML models, and adopting technologies like homomorphic encryption.
Plus, CISOs should focus on taking cloud security to the next level by fostering a strategic cloud security culture across departments. Concentrating on privileged access management—and synchronizing it with the on-premises environment, in the case of hybrid platforms—will help prevent unauthorized access and data leakage.
Endpoint protection should also be a top priority.
Ammar Enaya, Vectra
Too often the security function is seen as inhibitive by its internal stakeholders ― a department that too often says ‘no, you can’t do that’. The CISO needs to be a trusted advisor that partners with the lines of business, leading the discussion about risk, and being part of the solution that appropriately secures and enables new business initiatives.
In progressive organisations, cybersecurity isn’t just seen as a technology and policy issue. The line of business needs to take some accountability for security decisions that affect them, so that security becomes a shared issue across all elements of the enterprise. This changing of organisational mindset isn’t easy — it takes time, and requires an adept CISO who can move, influence and carry respect in both the business and security and risk domains. A successful CISO is a catalyst to embedding a positive security culture across the organisation.