Research and Findings
Tackling the Top 3 Cyber Security Challenges for 2017

Unsecured Internet of Things (IoT) devices and sensors. Nefarious nation-state actors. A war for cyber talent. Chief Information Security Officers (CISOs) face an ever-growing list of thorny challenges to contend with. 
Although the CISO's checklist continues to swell, it's critical to prioritize. As we look ahead to 2017, here are the Top 3 challenges that CISOs need to address:

1. Cyber attacks will become more frequent and increasingly devious. As the massive Distributed Denial of Service (DDoS) attacks that occurred on October 21 demonstrated, the use of Mirai code to hijack Internet of Things (IoT) devices such as webcams and security cameras represents yet another type of botnet attack that cyber security professionals have to concern themselves with. In at least two waves of attacks that occurred, more than 80 websites were brought down - including Twitter, Netflix, Google, Amazon, and PayPal.

Meanwhile, insider threats will continue to be top-of-mind for many CISOs, as 56% of security professionals say insider threats have become more frequent in the past 12 months, according to the Insider Threat Spotlight Report. They're also costly, with 75% of survey respondents saying insider breach remediation costs could reach $500,000, while 25% believe these costs will exceed $500,000 and can extend into the millions of dollars.

One trend that needs to occur is for software - both custom development and packaged applications - to be designed more securely. "Systems need to be designed not just based on how they should operate, but on how they recognize their users, how they authenticate with the other systems they communicate with, and on what their primary function is. Without those built-in security measures, systems can become instruments for a hacker to exploit, or even a tool to wage cyber warfare," said Bryce Austin, Strategist & CEO at TCE Strategy.

As the cyber security skills shortage continues to become more acute, CISOs and their teams will increasingly need to rely on automation and near real-time analytics to identify and respond quickly to potential threat sources. For instance, predictive modeling can be used to assess behavior patterns to more quickly and accurately identify both external and insider threats.

2. CISOs get creative to find/attract/retain talent. Available cyber security resources are extremely scarce, with intrusion detection, secure software development, and attack mitigation listed as the most sought-after skills in a report by Intel Security and the Center for Strategic and International Studies. The skills shortage is so severe that it's taking up to a year to fill certain spots, according to recruiters.

The situation is so dire that nearly three-quarters of the survey respondents (71%) cite the shortage as responsible for direct and measurable damage to organizations whose talent gaps make them more vulnerable hacking targets.

To help address the skills shortage, CISOs can work with colleges and universities to identify potential candidates who show a proclivity for desperately needed skills, such as innate curiosity and secure software design.

Another way to help bridge the talent gap is by nurturing more women in IT security roles. At present, women constitute just 10% of the information security workforce, according to Frost & Sullivan.

For its part, Intel Security has created the Women in Science (WiSci) program that's focused on developing, empowering, and helping women to succeed in STEM careers.

CIOs and CISOs also need to help nurture future cyber talent before potential professionals have reached high-school age. Tech executives can speak to elementary and middle-school students about opportunities in cyber security and also become involved in hackathons for kids. "We need to generate awareness about the cyber field at an early age - well before high school," said Anahi Santiago, CISO at Christiana Care Health System.

Meanwhile, near-term or recent retirees on the other end of the spectrum who may not be prepared for full-time retirement can be offered flexible job opportunities and training options.

Finally, CIOs and CISOs who report on cyber security risks and prevention to the board and C-suite need to stay away from technical jargon and address risks and impacts in business-focused terms that their audiences will understand.

3. Crystallizing communications to the board and C-suite. Although many board members say they have a reasonable handle on the risks of cyber threats, two-thirds of board members surveyed by PwC say they're either "not very" or only "somewhat" comfortable that management provides them with adequate reporting on security metrics.

Board members want to know how threats are being identified and addressed, the business impact of attacks that have occurred, including disruption to customers, the legal implications of breaches, how decisions are being made and carried out, and how risks are being mitigated, avoided or transferred.

Attribution: HMG Research