Appgate Cybersecurity, November 8, 2022
Podcast: How Can CISOs Close the Gap With Their Boards?
As cyberthreats escalate, it’s somewhat alarming that the Ponemon Institute reports that 63% of CISOs don’t report to the board. To build an enterprise culture of cybersecurity readiness and resilience, it’s time to bridge the gap between CISOs and the board by elevating the security and operational benefits of Zero Trust principles.
The number one job of cybersecurity teams is to protect the organization. But with the right Zero Trust security approach, there's also opportunity to empower the business to reach operational efficiencies and transformation goals. There’s never been a better time for security leaders to jump in and demonstrate that cutting-edge projects can move the needle, not just for security but for the business at large.
However, for something as transformative as applying Zero Trust security principles, it’s not necessarily an implementation challenge that security leaders face. Often, they face headwinds created by the inability to garner executive and board buy-in for security initiatives because the CISO does not have a seat at the table. In this day and age, any board that does not have regular interactions with its cybersecurity and IT leaders is a board that will be unprepared to respond when a threat turns into a successful breach.
On this Zero Trust Thirty podcast, the dynamic COO and CISO duo of Jawahar Sivasankaran and Leo Taddeo discuss with me the unique challenges and opportunities CISOs have in bridging the gap with their boards and articulating the business value of Zero Trust security. Listen below to learn:
- The good news on how a CISO’s role has evolved over the past decade
- What public and private sector organizations have in common when it comes to closing the gap between CISOs and their boards
- Reputational and monetary consequences of a successful cyberattack and other risks if boards aren’t tuned in to their organization’s cybersecurity readiness
- Advice for overcoming hurdles to deploying Zero Trust security initiatives and getting them funded by an enterprise board or for a federal agency
- The skill set that a CISO needs to be successful in a large enterprise today is shifting from solving technical problems to solving business problems.
- Boards and business leaders must become knowledgeable and align to cybersecurity priorities.
- If an organization is breached, consequences can go well beyond the stolen crown jewel resources or monetary loss.
- For public companies, investors want to know more about the company’s true risk, how the board is managing that risk and, when there is a cybersecurity incident, what the material impact is to operations and ultimately, their investment.
- The old business model of having employees and assets in one place in a building or on a campus and a security strategy focused on a perimeter is gone. That’s why Zero Trust security principles are paramount to authenticate everything and everyone located everywhere before anything is allowed to connect to the network.
- Conventional thinking that security is a business inhibitor is no longer a reality. Zero Trust makes security an enabler for the business.
- Take a long-term IT strategy viewpoint when you think about Zero Trust and don't try to boil the ocean. Start with small projects and refresh efforts that can survive over time in a software-defined architecture of the future.
- The benefits of Zero Trust access go far beyond just remote access, and many enterprises are leveraging software-defined perimeter for cloud access and enterprise campus access as employees return to the office.
Additional Zero Trust security resources
Blog: Cybersecurity is a Board-level Business Issue
eBook: Securing the Hybrid Enterprise
Solution brief: Zero Trust Access for Corporate Networks
About Appgate SDP and comprehensive Zero Trust Network Access