CISOs Need Teamwork & A Strategic Framework

Uploaded on 2016-08-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

NIST Enterprise Architecture Model

Eduardo Cabrera is the Chief Cybersecurity Officer at Trend Micro, responsible for analyzing emerging cyber threats to develop enterprise risk management strategies. Before joining Trend Micro, he was a 20-year veteran and former CISO of the United States Secret Service.

Given his background, Cabrera is eminently qualified for offering insight about information security challenges in both the government and the private sector.

Freedom to innovate

While serving in the US Secret Service, Cabrera lead information security, cyber investigative, and protective programs. “I lean on this experience and trusted partnerships daily to understand emerging threats but also to help develop resilient risk management strategies for Trend Micro and its Fortune 500 clients and strategic partners,” he says.

As you can imagine, working for the government has its unique challenges, and it’s not just about the paycheck.

“The differences are in perspective and mission. With that said, there is definitely a level of freedom found in the private sector that isn’t found in government. But the most significant freedom is the freedom to innovate. The speed and agility of innovation is incredible. I think that’s where the private industry, specifically cybersecurity companies, excel and can really help law enforcement, as well as the public sector at large, mitigate and eradicate the dynamic threats we see daily,” he explains.

The big picture

Companies may not fully understand the nature of modern threats, and simply placing a higher priority on security may not lead to improved measures, according to a CompTIA survey.

When asked what advice he would give to those new to the CISO position, Cabrera emphasized the importance of teamwork. “Listen! Listen to your direct reports. Listen to your organization’s business units or divisions. Listen to your partners in your sector and most of all listen to your partners in government,” says Cabrera.

“Cybercriminals have incredible networks that now allow them to automate and orchestrate their criminal enterprises. They do so by scaling trust within these criminal undergrounds. We need to do the same. The only way to defeat a network is to be a network. This requires much more trust on our side. We currently suffer from a trust deficit between private industry and government that will only be overcome by working closer together,” he concluded.

Strengthening your cybersecurity strategy

When it comes to the essential steps for strengthening and refining cybersecurity strategy in a large organization, Cabrera believes that a framework really comes first.

Unsurprisingly, he’s a big fan of the NIST Cybersecurity Framework, which consists of standards, guidelines and practices that help organizations address cyber risks by aligning policy, business and technological approaches. It was created by the National Institute of Standards and Technology (NIST) in partnership with the US Department of Homeland Security and the private sector.

It allows organizations to shift from old static information security best practices to proactive cybersecurity risk management standards. It maps existing industry standards such as NIST and the International Standardization Organization (ISO) to five core functions: identify, protect, detect, respond, and recover.

“The framework is critical for CISOs and their teams to build a cohesive strategy to brief up to the board room as well as down to the server room and apply the critical resources where they are needed most,” says Cabrera.

According to the information technology research company Gartner, the framework is now used by 30 percent of US organizations, and that number is projected to reach 50 percent by 2020.

A look into the future

We are in the midst of an Internet of Things explosion. 76% of companies interviewed by Vodafone believe that taking advantage of IoT technologies will be critical for the future success of any organization.

“Advances in technology are improving all aspects of our lives, however it is equally improving the lives of cybercriminals. With each new advancement there is a new opportunity for them to target, attack and monetize,” says Cabrera.

While 63% of companies have IoT devices already deployed, only 34% have security measures in place, indicating that the IoT is opening up new threat vectors but too few organizations are focused on preventing connected devices from being compromised.

“A layered connected threat defense using Big Data analytics and machine learning will be required to bring together often disparate and overlapping security stacks where visibility and control are the biggest challenges. It is needed today but will be essential in the coming years for CISOs and their teams,” explains Cabrera.

HelpNetSecurity

 

« New Airport Security Technology
Google Uses AI To Save On It’s Energy Bills »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Titania

Titania

Titania provide network security and compliance software. Find your Network Security gaps before hackers do with our security & compliance tools.

Thycotic

Thycotic

Thycotic prevents cyber attacks by securing passwords, protecting endpoints and controlling application access.

TUV Sud

TUV Sud

TÜV SÜD is a leading technical service organisation. We specialize in testing, certification, auditing, training, and advisory services for different industries.

Naoris Protocol

Naoris Protocol

Naoris is the world’s first holistic blockchain-based cybersecurity ecosystem, bringing a game-changing solution to address 35 years of industry similar practice.

Accelerator Frankfurt

Accelerator Frankfurt

Accelerator Frankfurt is an independent go-to-market program focused on Fintech, Cybersecurity and Digital B2B startups.

Jump Capital

Jump Capital

Jump provides series A and B capital to data-driven tech companies within the FinTech, IT & Data Infrastructure, B2B SaaS and Media sectors.

BullGuard

BullGuard

BullGuard is an award-winning cybersecurity company focused on providing the consumer and small business markets with the confidence to use the internet in absolute safety.

Axxum Technologies

Axxum Technologies

Axxum Technologies is a premier provider of Network Communications and Information Technology Security Solutions.

Binary Defense

Binary Defense

Binary Defense protect businesses of all sizes through advanced cybersecurity solutions including Managed Detection and Response, Security Information and Event Management and Counterintelligence.

Sharktech

Sharktech

Sharktech designs, develops, and supports advanced DDoS protection and web technologies.

OneLayer

OneLayer

OneLayer provide enterprise grade security dedicated for private LTE/5G networks. We ensure that the best IoT security toolkit is implemented in your cellular environment.

Polestar Industrial IT

Polestar Industrial IT

Polestar work on both sides of the IT & OT divide. Network, Data & Asset Security is our priority. Polestar installations are robust and resilient and comply with the appropriate security.

AI Spera

AI Spera

AI-Driven Cyber Threat Intelligence Security. AI Spera provides real-time intelligence to empower your security competences in all aspects of the business.

AirDroid Business

AirDroid Business

AirDroid Business is an efficient mobile device management solution for Android devices, helping businesses to remotely control and access devices in large quantities using a centralized approach.

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.

Ionize

Ionize

Ionize offers solutions to help you uplift your capability across the full-spectrum of cyber security - assessment, remediation, monitoring, governance and ongoing education.