22 Apr 2021

Transformation of a CISO from a Governance role to that of a business enabler

Guest blog: Sriram Srinivasan heads the MNA security operations for all the Wipro acquired entities. Published as part of our #Cyber2021 week.

2020 - A year of transformational Changes

With the pandemic raging last year and everyone shifting to remote working, the role of the CISO became more complex. Most organizations could not carry out an orderly transition to the new way of working, and the threat landscape for the CISO grew larger.

With business continuity in the picture, CISOs had an unenviable task: managing the requirements from the business to enable smooth remote working while also getting their own job done in protecting the assets and ensuring data security.

Digital transformation has been on the rise in recent times, and Covid has accelerated it. This transformation has led to a number of challenges for security professionals, some of which are:

  1. Protecting the data on the endpoints.
  2. Unmonitored systems (Shadow IT).
  3. The rise of cloud and the challenges that it brings in protecting the data.
  4. Employees who are not well aware of the organization's security policies are seen as one of the biggest threats to any organization; this gains prominence with almost everyone working remotely.

With risks having increased following a fundamental change in the way people work, CISOs are facing more scrutiny and questions on the overall state of security from the CEOs and Board.

A fundamental shift in the way a CISO works

The role of the CISO has moved from a reporting one to that of partnering with the business, understanding its requirements and embedding security in the complete development lifecycle. Governance and risk are still the mainstay of the CISO's role, but this is done while enabling the business to function in a secure way. Some of the areas where the CISO should focus are:

  1. Make employees security aware and provide continuous awareness on secure working.
  2. Embed information security in the complete development lifecycle.
  3. Invest, invest and invest more in the latest areas of AI and ML in information security to proactively stop a threat rather than react to it.
  4. Be completely aware of the lay of the land.
  5. Invest in talent; upskill your existing employees to ensure that they catch up with the latest trends and technologies.
  6. Reimagine your SOC; ensure that it can remotely monitor and remediate any threat in an effective manner.

Looking Beyond the Pandemic

2021 will be seen as a transformative year in which Boards of Directors spend a lot more budget to enhance the security of the organization, and CISOs are expected to play the role of business enablers, keeping the business need in mind and balancing it against the information security measures necessary to ensure that information is secured. CISOs are expected to keep the lay of the land at the back of their mind, and their job is no longer just to protect against threats and manage risk; they are now expected to play a crucial role in managing brand perception, employee engagement and the strategic adoption of new technologies. The CISO would be an integral part of the Board and is expected to play a proactive and pivotal role in ensuring that the reputation of the brand name is not impacted by a security incident.

Dan Patefield

Programme Head, Cyber and National Security, techUK

Charlie Wyatt

Programme Assistant, techUK

Jill Broom

Programme Manager, Cyber Security & Central Government, techUK

Sam Wyatt

Programme Manager, Defence and Cyber Security, techUK