Virtual CISO: Solving cybersecurity growing pains?


There comes a time in every company's life when events force management to take a new look at how they handle IT. In some cases, it is simply that they realise the current situation is holding them back, risks are being taken and mistakes made. For others, it will be their success that makes it necessary to allocate greater and more dedicated resources to IT.

One of the key drivers for hitting that crossroads is certainly IT security – usually on the back of a series of near misses or a confirmed attack of some kind, whether a virus, hack or data breach. The pain and reputational damage experienced after such an incident is lasting, and most companies want to move quickly to avoid it happening again. A 2019 Ponemon Institute research report revealed that a data breach results in abnormal customer turnover of 3.9% on average. Indeed, the financial consequences of customer attrition comprise the majority (36%) of the total cost of a data breach. However, organisations with an incident response team minimise this cost by an average of $370,000. Having a senior-level leader, such as a Chief Information Security Officer, direct initiatives that improve customer trust helps retain customers, consequently reducing the cost of a breach.

The outsourcing itch

The problem is that building an IT team, and specifically a cybersecurity team, takes time, money and dedication. Great people with extensive industry experience are in short supply, top Chief Information Security Officers (CISOs) are expensive, and even if they can join your company it might be six months before they can start. Even once they are through the door, the process of assessing the cybersecurity posture of the company, planning and implementing changes, or indeed hiring and training staff, can take months.


For some, deciding to outsource all IT operations has helped overcome some of the key problems with building a team. However, it is not a realistic option for companies that are large enough and lucky enough to already have a good IT team, or those that are growing, but lack the ability to make the kind of financial investments for a dedicated CISO. 

Outsourcing IT wholesale has its risks too. In the case of security, it simply becomes one of the many tasks an external team needs to get through in the limited time that they have, in much the same way as an internal IT team would struggle. Sure, they will check that all the essential firewall and other configurations are in place and maintain systems – but those are purely fundamental tasks. In the long run this is ineffective and can lead to a false sense of security.

It doesn’t need to be all or nothing

For large and growing companies, a much more strategic approach to cybersecurity is needed: one that encompasses current needs, the strategic direction of the company, and the evolving threat and technology landscape.

A different way to gain immediate access to an experienced CISO who can offer the support a company needs to rapidly improve its security posture is to hire a virtual CISO. This is an individual with decades of industry experience whom a company can use to enhance and advise its internal IT team, without needing to find, wait for and pay for an expensive CISO to join the company.


Some companies use virtual CISOs as an external risk auditing resource, whereas others will take advantage of their industry experience to assess technology for mitigating future threats and build an implementation roadmap that aligns with the future goals of the company.

For some, the idea of being tied to external outsourcing companies is an uncomfortable one, but the role of virtual CISO is really one of a trusted advisor. Whilst they can of course play an active role in the implementation of technology and running cybersecurity operations, their key benefit is their experience and strategic insight. For many companies this is used as a bridging mechanism: a way to deal with their immediate security needs while using the virtual CISO's experience to build the internal team, processes and resources that will eventually replace them. The virtual CISO can even act as part of the selection and interview process for their direct replacement.

A CISO worth considering

Whatever has led a company to the position where it knows it must up its cybersecurity game – speed and strategy are of the essence. The virtual CISO can be a role that enables both, without being a long-term investment. It can remove complexity and that 'rabbit in the headlights' feeling, buying a company time to make more considered and strategic decisions, whilst rapidly and cost-effectively solidifying its stance on cybersecurity. It's a different approach worthy of consideration when cybersecurity is forced to the top of the IT and boardroom agenda.

by Puneet