CISO, The Board Is Listening
Given the volume of embarrassing and financially impactful breaches over the last few years, security leaders are getting fresh and unparalleled attention. Security teams have been clamoring to be heard by corporate leaders and executive boards for many years. Now they are. According to ZDNet’s Dion Hinchcliffe, CISOs and business executives have never been more aligned. Hinchcliffe, who placed “new types of cybersecurity” on his list of technologies to watch in 2015, wrote:
[V]irtually the only technology topic that IT and business executives are fully aligned on is security. In the post-Snowden era, insider threats are understood to be perhaps the primary vector, but threats can come from just about any direction, often those unexpected.
One of the specific security technologies Hinchcliffe listed to watch was data loss prevention. Data loss can come from ‘unexpected’ threat areas including third-party vendors, partners, and suppliers.
Are You Watching Third Party Risk?
Third party risk is one of the most invisible and vulnerable segments of the security landscape. Last November, Booz Allen ranked third party risk as the number one trend in its list of top financial services trends for 2015. The strategic consulting company stated:
In 2015, there will be a shift towards active cyber risk mitigation and monitoring with third parties, versus the current ‘self-certification’ process that is proving less reliable. Third-party relationships will no longer be an afterthought and security will be built in by design…
With this new security attention comes higher levels of risk scrutiny and accountability. Now that the CISO has a vocal seat at the executive board’s table, what will they do with it?