Just last week, the RSA Conference was held. This is the biggest Cyber gathering on a global basis, where pretty much every vendor under the sun comes out, sets up a booth, and showcases their latest products and solutions.
Keep in mind that this is not an event for just the larger Cyber companies; even the startups are welcome to have a booth there as well. It is also a time when the leaders in Cyber, and not just those from the business community, come out to share their thoughts and ideas.
This year’s RSA Conference was a very special one, because this was the first face-to-face one to happen in two years, ever since COVID-19 struck. With so many people attending, a lot of attention was paid to the CISOs there, who were asked what their thoughts were as we now come into the second half of the year.
So what is concerning them for this time period? Here is what was discovered:
1) The lack of workers:
While it has been a known fact for quite some time, CISOs, for the first time that I have seen, have actually disclosed the fact that they are worried about filling their empty spots. Although this feeling was echoed by many of the SMBs, those that have 50 or fewer employees are really feeling the pinch. The companies polled were also concerned about employees maintaining a strong level of Cyber Hygiene, and about supply chain attacks, such as the one illustrated by SolarWinds. Even the vetting process used to find the right third party to work with is a strong concern, especially for healthcare organizations.
2) The movement to the Cloud:
With the Remote Workforce now becoming a permanent fixture in Corporate America, many businesses are now moving to the Cloud, 100%. Meaning, they are getting rid of being On Prem and are now adopting a Private Cloud or even a Hybrid Cloud infrastructure. But interestingly enough, it is the SMB that is taking the lead here, not the bigger companies. For example:
*75% of the SMBs (those with fewer than 50 employees) have either made a full migration to the Cloud, or are planning to.
*Only 13% of the larger businesses (those with more than 10,000 employees) have made a full adoption of the Cloud.
Not surprisingly, software security, especially that involving open-source APIs, is a top concern for the CISO (at 62%), along with the implementation of DevSecOps (at 54%).
Also, the reason why the larger companies have not totally migrated to the Cloud yet is that they still have a lot of legacy infrastructure that has to get moved over. Since they have larger balance sheets than the SMB, they can afford to wait before taking the big plunge.
3) Cybersecurity Insurance:
Not surprisingly, this is a need that many CISOs echoed at the RSA Conference. But they also admitted that they are having a much harder time getting a good policy, because of all of the compliance checks that are now being demanded by the insurance carrier. Another huge impeding factor is that coverage of Ransomware payments is no longer being included in many policies, along with escalating premiums because of the rise in inflation. In this regard, the insurance carriers are also being blamed for making blanket requirements, without assessing the true security environment of an applicant.
My Thoughts On This:
Some good news here is that 74% of the CISOs polled think that they will see an increase in their budgets in the second half of this year. But on the downside, only 24% are making use of Threat Intelligence. This is quite surprising, since there are many automated tools out there that can help not only analyze but even predict what the future holds. This is an area which needs to be paid attention to very closely.
In the end, the one question that did not get asked is how long the traditional role of the CISO will last. IMHO, the days of hiring a traditional CISO with a great salary, perks, benefits, and stock options are now coming to an end, most likely this year. Many businesses are now starting to understand the value of a vCISO.