In a feature authored by Shahqil Kshas for CIO World Asia, Sekuro’s Chief Information Security Officer (CISO) Prashant Haldankar discussed the role and importance of a CISO. Prashant highlighted that cyber crimes are increasingly rampant, and called for more emphasis to be placed on establishing good relations with organisational leaders and on recognising the importance of cyber security.
A CISO is often viewed as one who performs both the role of a Chief Information Officer (CIO) and of a Chief Sales Officer (CSO). As the CISO position undergoes development and redefinition, the function of this position is often subject to debate.
Although CISOs play a crucial role in safeguarding a company’s security, their effectiveness is nonetheless dependent on the support from the overall team. In other words, security is not solely the responsibility of the CISO but rather the whole organisation, and the collaboration between CISOs and CEOs, as well as other corporate leaders, is as important as their collaboration with the IT and security team.
Alignment in roles and priorities of CIOs and CSOs
CIOs and CSOs are working together more now. This collaboration allows for greater consideration in harnessing cutting-edge technology to improve security and give firms a competitive edge.
The technical IT security rules and overall execution fall more within the purview of CSOs. In order to guarantee that all security measures are up to par and within organisational risk capital, CIOs must ensure that feedback from the CEO is obtained and work with it. The CSO, however, has a more important duty to perform. Along with security controls, CIO and CSO collaboration is required for a broader, enterprise-wide cyber security strategy, and this collaboration only occurs when the interests of the two groups are aligned.
Therefore, the collaboration of CSOs and CIOs is necessary to ensure that the IT strategy is pushed throughout the organisation while also communicating cyber security requirements.
CISO as an important figure in the Great Resignation
The founders and leaders of a company play a critical role in maintaining organisational security. This is especially so when employee turnover increases and departing employees take sensitive company information with them, thus putting an organisation’s cyber security at higher risk.
CISOs make the effort to promote a security culture inside the company while also stressing that security is a business enabler. Emphasising the importance of security as a component of overall strategy underlines the fact that everyone inside the business has a clear leadership role in upholding the organisation’s security. As leaders, CISOs must convey this message to every employee in the company.
A change in priorities for CISOs
Technical controls are the CISO’s responsibility, depending on the organisation. They are also responsible for making sure that they train the company’s executives. When it comes to making risk decisions for an organisation, they should be knowledgeable and have a security-first attitude. Additionally, they must make sure that the essential cyber security ROI is effectively conveyed because, often, firms do not treat security as a factor in determining ROI.
The board and executives must also receive cyber security awareness training from CISOs. This is a common practice in America where candidates for board membership must be equipped with a minimum level of cyber security awareness. Therefore, the primary responsibility of CISOs will be to develop a more business-oriented approach for the organisation’s cyber security needs.
Significance of shared understanding of cyber security among the board
It is imperative for the board of directors to gain an appreciation and understanding of cyber security given that cyber attacks and cyber security issues are bound to multiply in an increasingly digital world. Instead of being educated on cyber security from a technical perspective, the board should learn cyber security from a commercial standpoint. It is through understanding cyber security that the board of directors will become more informed on the relevant resources required to safeguard the company’s security. In fact, cyber security will become a factor of consideration when making important decisions for the company.
Prashant Haldankar is the co-founder and Chief Information Security Officer (CISO) at Sekuro, a global cyber security and digital transformation company headquartered in Sydney, providing end-to-end cybersecurity and digital resiliency services and solutions. Prashant leads the business resilience function globally with extensive experience establishing and maintaining cyber security visions, strategies and information asset protection frameworks for enterprises.