unofficial guerrilla cyberconflicts which only
seem to be escalating and this is impacting the
threat and compliance landscape.
How to potentially bridge the gap
Whether it’s a malware attack, a DDoS attack
or some excitingly innovative approach we
have yet to encounter, employees can either
play a pivotal role in protecting organisations
or significantly increase the risk we face when
it comes to information protection.
To better prepare staff, organisations should
already be ensuring employees at all levels
in the organisation are informed, actively
engaged and trained to make appropriate
decisions. This is not a new challenge
but continues to pose a threat for most
businesses: our latest Data Threat Report
showed that almost half of IT experts still
cite executives and employees as a point of
vulnerability. Such preparation will put staff in a
better position to repel the next attack when
it takes place – be assured that this is ‘when’,
not ‘if’.
However, simply training staff isn’t going
to change things. Organisations must work
harder to create a more diverse workforce.
And there will be opportunities. For example,
when an organisation invests in technical
tools to provide more intelligence around
threats, or higher levels of protection,
additional staffing resources may be needed
to configure systems and to manage, analyse
and respond to findings.
Equally, when an organisation implements
training and awareness initiatives to arm
its staff, new staff may also be required
to design and manage awareness work on
an ongoing basis. A diverse intake of staff at this
point will allow the new tools, or initiatives,
to be designed, implemented, measured and
managed in new and unexpected ways.
To widen the hiring pool, organisations
can also usefully consider candidates with
skills that are less obviously relevant to
information security, such as marketing,
sales, communications and logistics. They
can also create a talent pipeline for the
future through apprenticeship schemes or
internship programmes.
Culture and the sacrificial CISO
As organisations work to improve their ability
to manage information risk, the importance
of having a Chief Information Security
Officer (CISO) is also being recognised very
broadly. However, the person in this role
needs to be a part of regular discussions at a
boardroom level to engage effectively with
senior staff and hence encourage them to
sponsor organisational change.
It is also important to recognise the impact of
different security cultures. The role of the CISO,
for example, varies hugely depending on the
INTELLIGENTCIO