Five Top Challenges CISOs Face Today
Many of today’s CISOs find themselves in the middle of a very delicate balancing act between securing the business and enabling it. Maintaining this balance amid evolving business objectives and cyberthreats takes focus and persistence.
I recently spoke with BlackBerry Senior Vice President and Chief Information Security Officer Arvind Raman about the top challenges he and his peers face. If you lead your organization's security function, see if you agree with his list.
Top 5 CISO Challenges for 2023
Raman joined BlackBerry in 2023, following a recent stint as a global CISO in the telecommunications industry. He previously led security efforts in the financial and retail sectors. He knows more than a few CISOs who report sleepless nights from two constant pressures: staying on top of innovations and technologies so their organizations can embrace digital transformation and growth, and continuously evaluating and safeguarding the organization against new potential threats.
Here is what he considers the top five challenges for security leaders right now:
1. Third-Party Risk
“We all use many third, fourth, and fifth parties,” Raman says. “But it's generally classified as third-party risk. How an organization can understand the parties they are using — and the risks around those third parties — is key to avoiding a data breach and being in the news.”
2. Technology-Related Risk
“Ransomware is no longer just encrypting and crippling your systems,” Raman explains. “It's more about data exfiltration, taking your key data out of the organization, and using it to extort you to avoid publication. Organizations need to be prepared for dealing with ransomware-related risk, if and when it happens.”
3. Business Disruption Risk
Business disruption risks are third on the list, according to Raman. “When you're hosting a service or a product, potential DDoS (distributed denial of service) attacks on those services and products you have are a big risk. Organizations must take an appropriate approach to protect the assets and services from things like a potential DDoS attack.”
4. Product/Service Vulnerability
For companies that provide products and services, as most do, Raman maintains there is some additional risk to consider. “Vulnerabilities — related to the products and services you offer — could be exploited. That could be used against you in a cyberattack. Be cognizant of that and figure out how well you can manage the product vulnerability and service vulnerability risks.”
5. Compliance and Legal Risks
Raman also highlighted the importance of keeping up with the shifting regulatory landscape to ensure organizational compliance. “Regulations continue to change. It’s hard to understand what happened last year compared to this year. You must keep on top of that from a regulatory and legal perspective and make sure you understand what the different challenges are, and how you can best manage them.”
A Storm May Be Brewing
In addition to these top CISO challenges, Raman says there is something even more ominous looming over cybersecurity leaders and their teams. It’s the threat of facing a “perfect storm” scenario, where multiple risks converge on an organization at the same time.
Watch my interview with BlackBerry SVP and CISO Arvind Raman for more about this scenario and see if you track with something else he shares: The skills modern CISOs need now.