Tackling the Top 3 Cyber Security Challenges for 2017
Unsecured Internet of Things
(IoT) devices and sensors. Nefarious nation-state actors. A war for
cyber talent. Chief Information Security Officers (CISOs) face an
ever-growing list of thorny challenges to contend with.
Although the CISO's
checklist continues to swell, it's critical to prioritize. As we look
ahead to 2017, here are the Top 3 challenges that CISOs need to address:
1. Cyber attacks will become more frequent and increasingly devious.
As the massive Distributed
Denial of Service (DDoS) attacks that occurred on October 21
the use of Mirai code to hijack Internet of Things (IoT) devices such
as webcams and security cameras represents yet another type of botnet
attack that cyber security professionals have to concern themselves
with. In at least two waves of attacks that occurred, more than 80
websites were brought down - including Twitter, Netflix, Google, Amazon,
Meanwhile, insider threats
will continue to be top-of-mind for many CISOs, as 56% of security
professionals say insider threats have become more frequent in the past
12 months, according to the
Insider Threat Spotlight Report
They're also costly, with 75% of survey respondents saying insider
breach remediation costs could reach $500,000, while 25% believe these
costs will exceed $500,000 and can extend into millions of dollars of
One trend that needs to
occur is for software - both custom development and packaged
applications - to be designed more securely. "Systems need to be
designed not just based on how they should operate, but on how they
recognize their users, how they authenticate with the other systems they
communicate with, and on what their primary function is. Without those
built-in security measures, systems can become instruments for a hacker
to exploit, or even a tool to wage cyber warfare," said
, Strategist & CEO at TCE Strategy.
As the cyber security
skills shortage continues to become more acute, CISOs and their teams
will increasingly need to rely on automation and near real-time
analytics to identify and respond quickly to potential threat sources.
For instance, predictive modeling can be used to assess behavior
patterns to more quickly and accurately identify both external and
2. CISOs get creative to find/attract/retain talent.
Available cyber security
resources are extremely scarce, with intrusion detection, secure software
development, and attack mitigation listed as the most sought-after
skills in a
Intel Security and the Center for Strategic and International Studies.
The skills shortage is so severe that it's taking up to a year to fill
according to recruiters
The situation is so dire
that nearly three-quarters of the survey respondents (71%) cite the
shortage as responsible for direct and measurable damage to
organizations whose talent gaps make them more vulnerable hacking
To help address the skills
shortage, CISOs can work with colleges and universities to identify
potential candidates who show a proclivity for desperately-needed
skills, such as innate curiosity and secure software design.
Another way to help bridge
the talent gap is by nurturing more women in IT security roles. At
present, women constitute just 10% of the information security
workforce, according to Frost & Sullivan.
For its part, Intel Security
has created the Women in Science (WiSci) program that's focused on
developing, empowering, and helping women to succeed in STEM careers.
CIOs and CISOs also need to
help nurture future cyber talent before potential professionals have
reached high-school age. Tech executives can speak to elementary and
middle-school students about opportunities in cyber security and also
become involved in hackathons for kids.
"We need to generate awareness about the cyber field at an early age - well before high school," said Anahi Santiago, CISO at Christiana Care Health System.
Meanwhile, near-term or
recent retirees on the other end of the spectrum who may not be prepared
for full-time retirement can be offered flexible job opportunities and
CIOs and CISOs who report on cyber security risks and prevention to the
board and C-suite need to stay away from technical jargon and address
risks and impacts in business-focused terms that their audiences will
communications to the board and C-suite. Although many board members say
they have a reasonable handle on the risks of cyber threats, two-thirds
of board members
by PwC say they're either "not very" or only "somewhat" comfortable
that management provides them with adequate reporting on security
Board members want to know
how threats are being identified and addressed, the business impact of
attacks that have occurred, including disruption to customers, the legal
implications of breaches, how decisions are being made and carried out,
and how risks are being mitigated, avoided or transferred.
Attribution: HMG Research