A Club CISO report says, CISOs globally are finding cyber resilience, security culture, and cloud security as most challenging during the pandemic

ClubCISO, a global private members forum for information security leaders, surveyed 100 CISOs. Cyber resilience, security culture, and cloud security are the top three areas important for challenging chief information security officers (CISOs). The “2020 Information Security Maturity Report” reveals 39% of CISOs had implemented a strategic security-operating model to embed security awareness within the culture, while 43% said they had one in development.

Bringing the CISO and CIO Together

The COVID-19 pandemic and new geopolitical risks are challenging CISOs to adapt their management to the current climate. With a sudden increase in remote working, more employees were falling for phishing messages as malicious attacks. About 40% of material incidents are caused by malicious outsiders, while 42% by non-malicious insiders, the report found.

On the back of the pandemic, security teams will need to focus on creating a stronger security culture along with awareness training. Nearly all CISOs said they were working to establish a good culture while less than one-half said their company had positive security cultures. As per the report, more than 30% of CISOs don’t think their boards see information security as an important function.

In order to address issues of measuring and managing supply chain risk, CISOs have adopted a “future state” or “target operating model” (TOM) approach to build a more robust security posture. This model incorporates security frameworks such as ISO27001 or NIST. Nearly 25% of CISOs said they were frustrated with the overall approach towards security while others cited factors such as lack of resources and support. In order to remain agile, organizations need to tweak security investment and bring more awareness.

How the CIO Role Will Evolve Post Covid-19 Pandemic

It is important for IT leaders and security teams to take their organization, customers, and suppliers on a security transformation.