
The arduous role of the CISO in organizations today

The CISO, or Chief Information Security Officer, is quickly becoming a key role in almost all large enterprises today. Although the position only came into importance in the last decade, enterprises today rely on the CISO to guide them in making some of the most important company decisions, especially when it comes to tech.

In fact, a Gartner report states that as the role of the CISO grows, their scope of digital business intensifies as well. 64% of board directors also indicate that their organization is trying to significantly alter its economic architecture to put more emphasis on digital. 88% also recognize cybersecurity as a risk to the business.

This is where the CISO comes in. They need to understand the appetite of businesses and adapt to reality while ensuring cybersecurity is not compromised. This includes getting the board to make the right decisions not only on their digitalization plans but also on how they can do it with minimal disruption and securely.

To understand more of what makes a CISO tick, Trellix unveiled The Mind of the CISO research at the 2023 RSA Conference. The research is based on a survey of global CISOs across every major industry and reveals how they work amidst a tumultuous threat landscape, which business functions hold them back, and what they need to be successful.

“Our research shows CISOs are motivated by a mission to protect. Yet, CISOs tell us they feel unsupported, unheard, and invisible,” said Bryan Palma, CEO of Trellix. “I’ve been a CISO, it can be the loneliest position in tech,” Palma continued, “Now is the time, with AI in the hands of both good and bad actors, to revolutionize SecOps strategies and fight back against criminals. We need to empower our CISOs to win every time.”

The struggle is real for the CISO

While it is a global report, the research also revealed key pain points CISOs in Singapore experience. Unsurprisingly, 100% of CISOs admit they do not have enough support. Specifically, CISOs in Singapore struggle to get support from the executive board for the resources needed to maintain cybersecurity strength. More than half think their jobs would be easier if all employees across the entire business were better aware of the challenges of cybersecurity. In addition, one-third of CISOs cite a lack of skilled talent on their team as a primary challenge.

What’s more concerning is that a whopping 70% of CISOs in Singapore have managed a major cybersecurity incident at least once, and 28% more than once. 74% of respondents feel fully or mostly accountable for the incidents and 29% experienced major attrition from the Security Operations team as a direct result.

At the same time, CISOs surveyed stated that their organizations are working with too many of the wrong solutions, with the average organization using about 28 individual security solutions. 36% also said a top hurdle is having too many pieces of technology without a sole source of truth. CISOs can find the number of security solutions available to them overwhelming, unnecessary, and challenging.

Hence, having the right solutions makes a difference. 96% agree having the right tools in place would save them considerable time. 40% want access to a single integrated enterprise tool to optimize security investments.

For Jonathan Tan, Managing Director for Asia at Trellix, despite the majority of CISOs reporting that cybersecurity is important to their board members, the research shows that there is still an apparent lack of support from leadership to maintain the cybersecurity strength of companies in Singapore.

“The importance of having the right technology in place is also evident, but what many organizations lack is a unified IT security system that leverages XDR and is constantly evolving to protect against the most sophisticated cyber threats. While preventing security breaches is important, organizations should also have a plan in place to mitigate these breaches when they happen,” added Tan.