What Do CISOs Prioritise To Improve Cybersecurity?

Uploaded on 2018-02-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

In a new study by The Financial Services Information Sharing and Analysis Center (FS-ISAC), CISOs weighed in on the most critical cyber-defense methods, frequency of cyber-preparedness reporting to their respective boards of directors as well as the current cyber chain of command within their respective financial organisations.

Critical Defense

  • CISOs surveyed were split on their top priorities for securing their organisations against cyber-attacks. 
  • 35 percent of CISOs surveyed said that employee training is a top priority for improving security posture in the financial sector. Infrastructure upgrades and network defense are also prioritised by 25 percent of CISOs; and breach prevention by 17 percent.
  • CISOs reporting into a technical function like CIO prioritize infrastructure upgrades, network defense and breach prevention.
  • CISOs reporting into a non-technical function like the COO or the General Counsel prioritize employee training.

Frequency of Reporting
While cyber-security used to be handled in the server room, it is now a board room topic. The study found that quarterly reports to the board of directors were most common (53 percent) with some CISOs (eight percent) reporting more than four times a year or even on a monthly basis. 

In the era of increasing security threats and vulnerabilities, CISOs know that keeping top leadership and boards updated regularly on these security risks and effective defenses is a top priority.
Most CISOs report to CIO, not CEO

As security has increasingly become a concern for financial institutions, the role of the CISO has been thrust into the organisational spotlight. The study found that the majority of CISOs don’t report to the CEO; the top cyber chain of command is more likely to be the CIO; followed by CRO and then COO.

  • Sixty-six percent of CISOs report into the CIO, CRO and COO. Only eight percent of CISOs report into the CEO. The study found that the reporting relationship did not impact frequency of reporting to the board of directors on cyber-security.

Recommendations for 2018
Training employees should be prioritised for all CISOs, regardless of reporting structure because employees serve as the first line of defense. 

Employee training should include awareness about downloading and executing unknown applications on company assets, and in accordance with corporate policies and relevant regulations, and training employees on how to report suspicious emails and attachments.

HelpNetSecurity:

You Might Also Read: 

Three Most In-Demand Cybersecurity Jobs:

What Every CISO Needs To Know:

Bank of England: Cyberattacks A 'Clear and Present Danger':


 

 

« What Does The US Air Force Want From AI?
Discover Your Inner Spy »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Praetorian

Praetorian

Praetorian is an offensive cybersecurity company whose mission is to prevent breaches before they occur.

Proact IT Group

Proact IT Group

Proact is Europe's leading independent data centre and Cloud services enabler. We deliver flexible, accessible and secure IT solutions and services.

Flexera

Flexera

Flexera is reimagining the way software is bought, sold, managed and secured.

Idaho National Laboratory (INL)

Idaho National Laboratory (INL)

INL is an applied engineering laboratory dedicated to supporting the US Dept of Energy's missions in energy research, nuclear science and national defense including critical infrastructure protection.

ComCERT

ComCERT

ComCERT SA is an independent, private consulting company focusing in the assistance of its customers facing the dangers of cyber threats and security incidents.

IoT Defense

IoT Defense

IoT Defense (IOTD) is a cybersecurity and networking company building solutions that enable the protection of networks and the ever-increasing prevalence of IoT devices.

National Initiative for Cybersecurity Education (NICE) - USA

National Initiative for Cybersecurity Education (NICE) - USA

NICE is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.

Method Cyber Security

Method Cyber Security

Method offers a Cyber Security Risk Management training course for those responsible for the security of industrial automation, control and safety systems.

Venrock

Venrock

Venrock helps entrepreneurs build some of the world's most disruptive, successful companies. We invest in technology: Security, Cloud Services, Big Data, Healthcare IT, AdTech.

CONCORDIA

CONCORDIA

Concordia is a Cybersecurity Competence Network with leading research, technology, and competences to build the European Secure, Resilient and Trusted Ecosystem.

AirEye

AirEye

AirEye is a leader in Network Airspace Protection (NAP). Block attacks against your corporate network launched from wireless devices in your corporate network airspace.

HiddenLayer

HiddenLayer

HiddenLayer is a provider of security solutions for machine learning algorithms, models and the data that power them.

European Cybersecurity Competence Centre (ECCC)

European Cybersecurity Competence Centre (ECCC)

The ECCC aims to increase Europe’s cybersecurity capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity Community.

SphereX Technologies

SphereX Technologies

SphereX is the first on-chain security solution for Web3 applications.

Texaport

Texaport

Texaport's vision is to be the trusted partner of choice for organisations seeking comprehensive IT management and cutting-edge security solutions.

Clutch Security

Clutch Security

Clutch Security are on a mission to secure all Non-Human Identities. Everywhere.