CISO: The Toughest Job in the World?

Hackers only have to get it right once and CISOs are the ones taking the fallout. So, what can they do about it?


When you think of the toughest job in the world, a fireman or an oil rig worker comes to mind. But when it comes to the toughest job in the business sector? Chief Information Security Officers (CISOs) have got to be at the top of that list.

One Security Breach Too Many

CISOs and CIOs are responsible for the crucial task of choosing which software will best protect their company’s data. They are responsible for making sure security lapses in that software are squashed quickly. They have to be right 100% of the time, while hackers only have to get it right once. If a breach happens, they are the ones accused of dropping the ball, which leads to millions of dollars in damages. After a breach, many find themselves on the unemployment line. And yet the breaches keep coming.

The Equifax Data Breach

According to Identityforce.com, by the end of September 2017 there had already been 34 data breaches affecting notable companies like Sonic, Whole Foods, the U.S. Securities and Exchange Commission and Equifax.

The fallout from the Equifax breach, one of the most severe security breaches in history, impacted millions of consumers, cost millions of dollars and resulted in job losses from the top down. After the breach, TechCrunch reported that Equifax’s CISO and CIO “retired” and so did the company’s CEO. Following the disclosure of the data breach, The Apache Foundation, which manages the software the hackers exploited, said the hack was due to Equifax’s failure to install the provided security updates in a timely manner.

Personal Data and Other Prime Targets

IBM Security research found that Healthcare, Manufacturing and Financial Services are the top three industries under attack due to their personal data, intellectual property, physical inventory and massive financial assets.

But no business is immune to a cyber-attack. Just ask Chrysler. In 2016 Charlie Miller explained to a crowd of security leaders at the Security Insight Summit how he and fellow security expert Chris Valasek remotely hijacked a Jeep’s digital systems over the internet and paralyzed it while it was being driven down Interstate 64. Miller alerted Chrysler, which took steps to counter the security flaw. But vulnerabilities will always be found. Miller explained, “We’re doing as much as we can to get manufacturers to build layers and layers of security into their cars.”

Even beyond the riskier realms of IoT and connected cars, the impact of a security breach is adding up.

Data Breach Costs Are Rising

Research shows that the cost of security breaches is on the rise, exceeding $1 million for businesses in the USA, not to mention the negative reputational impact for organizations.

“You can’t keep the bad guys out all the time, they’re going to get in, so we want to make sure our customers have a copy of the data they can use that’s protected from these attacks,” says Jim Shook, Director of Cybersecurity, Dell EMC: Protection Division.

In response, the share of IT budgets devoted to security is growing – it’s currently 18%, up from 16% in 2016. This comes at a time when security professionals are shifting their focus from protection and prevention to detection and response.

Identify. Protect. Detect. Respond. Recover.

GDS Group’s Shawna Ryan recently sat down with Shook to discuss the ever-changing challenges facing CISOs.

“Those categories really grew up around these threats where people were stealing data,” explains Shook. “Now, with these new threats where they’re trying to destroy your data, that last category of recover capability becomes critically important.”

Shook says Dell EMC’s Protection Division deals with 5 traditional categories of cybersecurity: Identify. Protect. Detect. Respond. Recover. Those first four categories all developed around the idea of keeping the cyber criminals out and protecting your data.

The Toughest Job In the World…?

This shift in focus from cyber-attack prevention to recovery makes understanding how a hacker operates even more critical. Having someone like Charlie Miller expose hackable flaws in cybersecurity software can only make a company like Chrysler stronger. But for hackers with malicious intent, the ones that keep CISOs up at night, the cybersecurity cat and mouse game continues. Will there ever be a clear winner? For now, in my mind, CISOs and CIOs are winning at one thing – they take top prize for toughest job in the world.