Top Challenges for CISOs: Rising External Threats and Regulations


IBM recently released the 2014 CISO Assessment, a study that identifies the challenges security leaders are likely to face over the next three to five years. A good recap was posted on IT Governance. Some of the highlights are set out below.

External threats are on the rise

80% of the 138 security leaders interviewed have seen the external threat increase in the past three years, while 60% said that the sophistication of attackers was outstripping the sophistication of their organization's defenses. Half of the security leaders interviewed believe that external threats will require the most organizational effort to address over the next three to five years.

Uncertainty about government action

Almost 80% of respondents said that the challenge posed by government regulations and industry standards has increased over the past three years, and 60% are uncertain whether governments will handle security governance at a national or a global level, and how transparent they will be about it.

Only 22% think that a global approach to combating cyber crime will be agreed upon in the next three to five years.


The CISO’s influence is growing

A key finding of the 2014 CISO Assessment is that CISOs are gaining more influence, a shift that reflects the need to address the more challenging external threat landscape.

90% of security leaders strongly agree that they have significant influence in their organization.

71% of the respondents strongly agree that they are receiving the organizational support that they need, and 62% said that they develop their security strategy in conjunction with other strategies (primarily IT, risk and operations).

New security technology – top focus area

More than 70% of the respondents see themselves as very mature with regard to network intrusion prevention, advanced malware detection and network vulnerability scanning, but 28% identified data leakage prevention, cloud security and mobile/device security as the top three areas in need of dramatic transformation.

72% of security leaders said that real-time security intelligence is increasingly important to their organization.

75% of security leaders expect their cloud security budget to increase, or to increase dramatically, over the next three to five years.

Less than half of the security leaders said that they have an effective mobile device management approach.

Finding a solution

Dealing with rising cyber threats and responding to regulatory pressure, while also deploying new technology and improving internal skill levels, calls for a holistic approach such as the one provided by ISO 27001.

ISO 27001, the international information security standard, sets out the best-practice requirements for implementing an information security management system (ISMS), “a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization’s information security to achieve business objectives”.

An ISMS encompasses people, processes and technology, and helps you coordinate all of your security efforts (both electronic and physical) coherently, consistently and cost-effectively, with the scope, risk assessment and controls documented so that they can be audited.

Furthermore, as an internationally recognized standard, ISO 27001 can help organizations create a framework for complying with regulations and standards on a global scale.