Inclement weather is a reality we all face. From snowstorms and frigid temperatures to flash flooding and earth tremors, we all have risks. The only difference is the type of risk most common to the area where you’ve chosen to live. If you live in upstate New York, for example, winters are long and treacherous. In response, you’ve outfitted your home with the best heating system you can afford, you’ve purchased a snow blower for your driveway, and your vehicle is four-wheel drive.
Cybersecurity is much the same, particularly if you’re a CISO.
When tasked with protecting an organization’s data, CISOs also start with an examination of their risks. What threats are most common to your industry and, more specifically, to your organization right now? Take healthcare for example. The industry saw a significant uptick of ransomware in 2020, driven at least in part by the COVID-19 pandemic and rush to remote work.
After assessing their risks, healthcare CISOs went to work bolstering their endpoint defenses with measures like patching vulnerabilities and encrypting their data. They also took steps to improve user education in hopes of avoiding at least some of those malicious phishing emails.
Whether facing a cold winter or hackers looking to steal your data, the risk management steps are the same. You ask yourself:
1. What security risks are we facing?
2. Do we have the necessary tools to manage these risks?
Do we have enough shovels, you might ask yourself next fall. Do you have a patch management solution for the next round of vulnerabilities? As security teams work at breakneck speed addressing one project and then another and another, the third question everyone should be asking, whether your focus is on preparing your home for winter or protecting an organization’s sensitive data, is most often left unasked:
3. Once we’ve deployed these tools, can we be certain they are working?
What would happen if, come the first cold snap, you realized your furnace doesn’t actually work? The space heater in your office might, but that isn’t particularly helpful overnight when you’re trying to sleep. The same idea applies to cybersecurity. If one tool isn’t working, you’ve got serious exposure. And perhaps even more importantly, you’re left with overconfidence in your security posture, which we all know is a surefire recipe for disaster.
Absolute recently sat down with four globally recognized experts in cybersecurity — each of them experienced CISOs within the world’s largest organizations — to gain insight into why, with so much at stake, this critical third question is frequently overlooked.
- Charles Blauner, Former Global Head of Information Security, Citi; former CISO, JP Morgan and Deutsche Bank; Partner & CISO in Residence, Teams8 Group; President, Cyber Aegis Consulting; Strategic Advisor, Absolute Software
- Todd Inskeep, Former Commercial Cybersecurity Delivery Executive, Booz Allen Hamilton; RSAC Advisory Board Member
- Lou Klubenspies, CISO and Senior Director, IT Risk, PerkinElmer
- Malcolm Harkins, Former CISO, Intel; Chief Security and Trust Officer, Cymatic
These four experts have weighed in on why this third question is so critically important to protecting an organization’s data, and why it is so often left unasked, in a new paper titled “The Third Question: What CISOs Aren’t Asking and What’s At Stake.” And it isn’t because CISOs don’t know or don’t care to ask. Rather, there are multiple other factors at play in the complex landscape of cybersecurity and data protection.
The paper covers in detail what those factors are, how organizations can embed answering the third question into their security strategy, and what should be done when the answer is “no,” along with thoughts on where to go for answers to this question once it is asked.