Can CISOs learn to do more with less?

Today’s columnist, Christopher Muffat of Dathena, offers CISOs ideas on doing more with less from his experiences working as a security leader at Barclays and other organizations.

Even before the coronavirus pandemic, being a chief information security officer (CISO) was a tough job. According to one recent survey, nine out of 10 C-level information security execs are stressed out, leaving half with mental health issues and one-third with physical health problems. The average CISO lasts barely two years before they burn out and seek a less stressful role. 

Now, the coronavirus pandemic has raised the stakes still further, with cybercriminals launching a flurry of attacks against struggling organizations, and remote work creating countless new vulnerabilities that CISOs have had to patch. With organizations tightening their belts, more than 70 percent of CISOs believe their budgets will shrink in 2021. Already, many are shelving much-needed upgrades or grappling with hiring freezes and staffing cuts as they struggle to cope with the new challenges they’re facing.

In other words, CISOs are asked to do more with less and less — even as they’re expected to fend off an increasingly motivated and well-resourced army of hackers and cybercriminals. That might sound impossible, and it certainly isn’t easy, but with some creative thinking and a smart tech stack, there are ways for organizations to keep their data safe without breaking the bank.

Don’t blame COVID

As a former information security leader who worked to protect data at Barclays, HSBC, and Paribas, I know that these challenges are nothing new. Organizations were already on an unsustainable course before COVID-19, with their cybersecurity needs growing far faster than their IT budgets. While the pandemic has created new pressures, it’s done so by exacerbating and accelerating a trend — more data, more danger — that predated the crisis, and that will continue long after we defeat the coronavirus.

What the pandemic did was make the need to find new solutions more urgent. In the new world of zettabyte-scale data and cloud servers, delivering real cybersecurity has become a challenge that companies can’t overcome using existing tools. And in the era of remote work and widespread disruption, we no longer have the luxury of ignoring the problem. To keep our companies safe, we need to learn to do dramatically more with dramatically less, and that means changing the way we think about cybersecurity.

Take a broader view

It’s tempting to look at cybersecurity as a battle, with IT specialists fighting to hold back an onslaught of hackers. In reality, cybersecurity isn’t just about the way security specialists defend the perimeter. It’s about how everyone in the organization creates, sorts, and handles sensitive data.

Think of cybersecurity spending as just the tip of the iceberg. When companies think about how much they spend on cybersecurity, they also need to factor in indirect costs, such as the time employees spend tagging the files they create or the data they record, as well as time spent correcting the errors that creep in along the way.

That might sound like bad news, because it means the company actually spends far more on cybersecurity than reflected in the IT department’s budget. But it’s also an opportunity. Most organizations do a poor job handling upstream data — and that creates the potential to find transformative efficiencies and boost data security even while cutting overall IT spending.

The power of automation 

Take a fresh look at the company’s data handling processes. Every time a person has to make a decision or click a button, they create both friction and the potential for human error — so start thinking about how the company can redesign its tech stack to minimize human involvement in data handling.  

Take data classification. When a human user has to tag data as sensitive, it’s all too easy to make costly mistakes. But with modern AI classification tools, it’s possible to eliminate that risk of error, simultaneously streamlining workflows for end users and eliminating vulnerabilities that place a critical burden on IT and data-security teams. 

Companies can implement similar approaches throughout the data pipeline, ensuring they keep information safe and enabling small, lean crews of IT specialists to respond rapidly when they need human intervention. Rather than hiring more people to cope with an expanding universe of data and an ever-growing army of hostile actors, automate security operations and give our teams the truly scalable tools they need to stay a step ahead of the challenges.

Faster, better, stronger

By using smart AI solutions, organizations can dramatically increase their resistance to cyberattacks, while simultaneously reducing the pressure on security teams and optimizing the cost of their IT operations. That adds up to an instant reduction in stress for CISOs and other IT security managers. More important, it also creates a real strategy for sustainable cybersecurity.

Already, more than 80 percent of companies are exploring the use of AI tools to streamline internal workflows or extract new insights from big data. We need to bring that spirit of innovation into the world of data security to keep our organizations safe in an increasingly chaotic world.

In these dangerous times, it’s shortsighted to simply slash security budgets and leave organizations painfully exposed. But with some carefully judged investments in AI and machine learning, CISOs can equip their organizations with faster, better, and stronger data security solutions while reducing direct cybersecurity costs and the indirect costs that come with relying on humans to do the heavy lifting.

Long before the pandemic, CISOs knew their organizations were on an unsustainable trajectory. Now, the pandemic has left us with no option but to find new ways to keep our data safe. By embracing new technologies such as AI and machine learning, CISOs can use this crisis as an opportunity to eliminate human error, boost efficiency, and develop truly scalable solutions to the new security challenges faced by their organizations. 

CISOs still face extraordinary challenges — but we know how to win this fight. Executives who stay the course and embrace the new generation of advanced cybersecurity technologies can look forward to a brighter future. 

Christopher Muffat, founder and CEO, Dathena
