CISOs' voice: what is on their agenda next year?
The role of the Chief Information Security Officer (CISO) is to coordinate all the activities related to securing information within an organization. It is an extremely complex task requiring the setting of expectations, establishing priorities and keeping a close watch on the external threat landscape and legislative environment. CISOs are the first line of defense against cyber-attacks and are responsible for preparing organizations to manage them.
Priorities for organizations differ from industry to industry and are dependent on risk factors, scale and budget restrictions.
In this article, we hear from two CISOs from different organizations on their priorities and views for the year ahead.
ICL is a leading global specialty minerals company creating impactful solutions to sustainability challenges in the global food, agriculture, and industrial markets.
“CISOs will work even closer with governmental organizations. In 2 or 3 years from now, we may even luckily observe a decline in ransomware attacks due to this increased collaboration.”
My two primary focus areas for the year ahead are firstly, managing and preventing ransomware attacks and secondly, ensuring the successful implementation of Industry 4.0 initiatives and innovations. At ICL, we partner with third party providers, who are vital to our organization but must also be protected and are at risk of attack themselves. As business is increasingly dynamic and the attack risk is evolving, embracing and enabling innovation is a constantly exciting challenge for my team.
Ransomware is a serious and growing threat for all organizations
Ransomware attackers operate globally, often with widespread, high impact consequences. Collaboration between industries, organizations and state agencies is essential in handling these types of attacks.
There is still much to be done in being better prepared against ransomware, as we have experienced during the Covid pandemic. Nobody is spared from these attacks, including industry, which is frequently targeted.
However, many actions have already been implemented in the face of the current threat landscape and collaboration between the different partners is already in place.
Some of the larger economic powers have already taken steps in changing the way they protect industry from cyber threats and other countries will follow. Management is becoming more involved in fighting cyber threats.
Our management is proactively aware of the cyber risks we face and the potential impact. In response, resources are justifiably allocated to ensure the appropriate defenses are in place. Support from management is essential in reaching our required defense levels.
There is continual dialogue with ICL management. We are also closely aligned with internal audit and compliance to ensure we are always up to date and aware of our current maturity levels.
Cyber criminals are very sophisticated and determined. As a result, in-house resources – both in terms of teams and tools – are vital. Management has placed specific focus on the CISO activity, providing the appropriate level of resources and support.
The role of the CISO has developed during the past 5 years. However, it is still evolving in the face of current challenges within organizations. CISOs will work even closer with governmental organizations. In 2 or 3 years from now, we may even luckily observe a decline in ransomware attacks due to this increased collaboration.
Enabling innovation is one of the CISO’s most important tasks
As CISOs, we are in charge of driving the company’s cybersecurity culture to manage potential security crises. Our role has two main areas of focus:
- Leading the company to better security, technology, and readiness
- Being able to resist an attack, overcoming it and returning to normal business activity
Therefore, for a CISO to successfully drive those two missions, it is necessary to take every stakeholder into consideration, including third-party suppliers, cyber communities, and startups. As innovation is a key element, we need to take advantage of new technologies and collaborate more closely with startups.
Head of Information Security, Bank of Sharjah
Bank of Sharjah was established in 1973 as the first commercial bank in Sharjah and the fifth in the UAE. Since its inception, the Bank has played a key role in the economic growth of the Emirate of Sharjah in particular, and the growth of the United Arab Emirates in general.
Bank of Sharjah is a financial institution listed on the Abu Dhabi Securities Exchange and headquartered in Sharjah.
“I am seeing management teams begin to include cyber risk management as an integral element of their annual planning activities which I expect to continue in 2022.”
As a person responsible for Information Security of a Bank, my primary area of focus is on Financial Cybersecurity Risks that may be triggered due to new digital transformation initiatives such as Fintech Integration, Neo Banking, E-Commerce/M-Commerce, Cloud Migration etc. as well as Credential and Identity Theft, Ransomware, DDoS, Insider Threats and the kind of disruptive cyber-attacks that could impact our ongoing operations in a significant manner.
Technology innovations are always considered as invaluable to the growth, progress, and evolution of any business. The new technology trends seen in the market are pivotal in leading the “digital” revolution which is expected to shape the dawn of the coming decades. The explosive adaptation of new technologies such as cloud computing, big data, data science & analytics, Blockchain, Artificial Intelligence, IoT, Quantum Computing and the increased internet usage by business and public will lead the business world to unprecedented developments in the late 21st century and beyond. However, I am sure that in addition to the overwhelming benefits of these disruptive new age technologies, we should be mindful of safety and security issues that may increase significantly.
These new age technologies have transformed the world into a small, connected world with the help of the internet. The connectivity advancements enabled by the new age technologies will definitely change the cyber threat landscape in a very significant manner. To combat the changing cyber threat landscape businesses need to heavily invest in new security solutions and in hiring experts with experience in these.
The demands and expectations set by investors and regulators these days have been a wake-up call for the management teams of worldwide businesses, and it has become imperative for the management teams to monitor the cyber threat landscape of their organization. Warnings issued by EU regulators on cyber threats and risk scenarios posed by Brexit are classic examples of this imperative. I am seeing management teams begin to include cyber risk management as an integral element of their annual planning activities which I expect to continue in 2022.
The Covid 19 pandemic has greatly accelerated digital transformation and the Work-From-Home Model, which many global organizations have started embracing as a business model. With the rise in remote working, proportionately cyber risks are also increasing. With such an increase in cyber-attacks, organizations must spend more money on cybersecurity in the coming period for sure. Around 80% of Indian organizations are likely to increase their cybersecurity budget in 2022, according to 2022 Global Digital Trust Insights Survey by the leading consultancy firm PwC. Cyber-attacks are 300 times more likely to hit financial services firms than other companies, a recent Boston Consulting Group report indicates. As the CISO of a Bank I would prefer to allocate a significant amount of my 2022 budget in advanced threat protection tools & technologies, SOC modernization, improvement of incident response using automated technologies, threat intelligence management, and employee training & awareness etc.
About the authors
Head of Information Security, Bank of Sharjah
Vimal is a Trusted Advisor for CXOs on Risk & Resiliency Management, Assurance and Transformation Practices focused on addressing Information Risks, Technology Risks, Cyber Risks, Digital Risks and various other Business Risks. Vimal has a progressive experience of 24 years in Banking & Financial Services, Energy, Retail, Healthcare and ICT Sectors. Vimal has worked with clients in India, USA, UK, Middle East and Far East Countries. Vimal has served Big 4 Firms such as Deloitte and globally reputed business organizations such as Microsoft, Philips, Accenture and Standard Chartered Bank.
At present Vimal is responsible for the Information Security, Data Privacy & Protection, and IT GRC Practices of the Bank of Sharjah (UAE). He is responsible for designing, implementing and improving the Information Security Architecture of the Bank and managing the Information & IT GRC, Information Assurance (NESA IAS), Cyber & Digital Security, Cyber Risk Management (NCRMF), Payment Security (PCI DSS) and Data Privacy Practices of the Bank.
Alberto (Deto) Hasson
CISO at ICL Group
Former Head of National CERT
Experienced Chief Information Security Officer with a demonstrated history of managing the security of information technology and ICS. Former head of Israeli national CERT.
Graduated from Technion – Israel Institute of Technology and University of Haifa. From October 2015 until February 2018, Head of Israeli National CERT.