www.darkreading.com
Open in
urlscan Pro
2606:4700::6810:e0ab
Public Scan
URL:
https://www.darkreading.com/vulnerabilities-threats/why-cybersecurity-acumen-matters-c-suite
Submission: On October 25 via api from TR — Scanned from US
Submission: On October 25 via api from TR — Scanned from US
Form analysis 0 forms found in the DOM
Text Content
Dark Reading is part of the Informa Tech Division of Informa PLC Informa PLC|ABOUT US|INVESTOR RELATIONS|TALENT This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales and Scotlan. Number 8860726. Black Hat NewsOmdia CybersecurityAdvertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics RELATED TOPICS * Application Security * Cybersecurity Careers * Cloud Security * Cyber Risk * Cyberattacks & Data Breaches * Cybersecurity Analytics * Cybersecurity Operations * Data Privacy * Endpoint Security * ICS/OT Security * Identity & Access Mgmt Security * Insider Threats * IoT * Mobile Security * Perimeter * Physical Security * Remote Workforce * Threat Intelligence * Vulnerabilities & Threats World RELATED TOPICS * DR Global * Middle East & Africa * Asia Pacific See All The Edge DR Technology Events RELATED TOPICS * Upcoming Events * Podcasts * Webinars SEE ALL Resources RELATED TOPICS * Library * Newsletters * Podcasts * Reports * Videos * Webinars * Whitepapers * * * * * Partner Perspectives SEE ALL * Vulnerabilities & Threats * Cybersecurity Analytics * Cyber Risk WHY CYBERSECURITY ACUMEN MATTERS IN THE C-SUITEWHY CYBERSECURITY ACUMEN MATTERS IN THE C-SUITE Until CEOs and boards prioritize learning more about mitigating threats, organizations are leaving themselves and their businesses open to the potential for disaster. Erik Gaston, CIO & Vice President of Global Executive Engagement, Tanium October 24, 2024 6 Min Read Source: Stephen Barnes/Business via Alamy Stock Photo COMMENTARY With the mounting, competitive pressure to leverage generative artificial intelligence (GenAI), now is the time for CEOs to better understand the technology themselves. Cybersecurity deserves this same level of attention — and so does the discrepancy between C-level enthusiasm and skill level. Leveraging AI tools, cybercriminals and their attacks have become more sophisticated, and with this technology comes a swath of security concerns when used in a company environment. As GenAI use grows within organizations, so does tension across executive teams and in the boardroom, especially as the chief information security officer (CISO) role shifts in remit. We're also seeing significant spikes in data breaches. All of this coalesces to signal the need for more cybersecurity acumen across the C-suite in order to provide leadership and guidance to firms. Why? Because enduring companies understand how to navigate one of the most common and consequential risks in business. IMPROVED STRATEGIC DECISION-MAKING, RESOURCE ALLOCATION, AND COLLABORATION Cybersecurity acumen at the top of the org chart can significantly impact the company's overall security posture and ability to manage risk. This, in turn, translates into several additional benefits for the company. For starters, companies can now integrate security into decision-making processes and strategic direction. This should never be an afterthought. Cyber-risk lurks everywhere and crops up in more decisions than people realize. It's not just in overly simple passwords or opening phishing emails; software-as-a-service (SaaS) tools can serve as an easy entry point for man-in-the-middle attacks that threaten businesses. Leaders in 2024 must recognize the need for security. While businesses have access to incredible levels of technology that can help a company thrive, so do malicious actors. Understanding the variety of sources a threat can stem from better equips a leader to make strategic choices that bolster the protection of data and intellectual property, rather than put it at further risk. That said, security is not always cheap, and finding qualified resources in an already scarce security and AI market is challenging at best. Resource allocation is critical in the decision-making process to balance both attention to threats and business costs. In today's economic climate, budgets are being heavily scrutinized for technology and business leaders. Those with a broader and deeper understanding of the risks that come with deprioritizing security are better prepared to make smart decisions about where to allocate investments. Furthermore, attaining that kind of security knowledge intrinsically improves leadership's ability to collaborate with all of the different internal teams. These conversations drive quicker, better decisions, especially during a crisis, while increasing the respect between the office of the chief information officer (CIO) and the chief security officer (CSO). Enabling that sort of alignment will also bring better, more articulate conversations with the board that protect businesses against risk. Attack surfaces continue to grow for businesses in every industry, which only makes transparency and collaboration more necessary. Regulators are rising to the challenge of finding ways to deal with this new cyber reality, and the pressure is mounting. You can see this in new rules and directives from the Securities and Exchange Commission, and in regulations like the General Data Protection Regulation (GDPR) and the Digital Operational Resilience Act (DORA), just to name a few. Noncompliance is costly both financially and in terms of losing an opportunity to defend against attackers. But compliance requires departments and leaders to communicate in order to create and execute new strategies and policies. However, the burden of proof still falls to top leadership to make this happen. It's in the C-suite's best interest and within its responsibilities to protect data and assets as best it can for customers and the firm. Financial and reputational impacts due to cyberattacks are a consideration that must be recognized in all major decisions at the board level. The rising threat landscape creates a perfect storm that, if left unchecked, leaves businesses vulnerable to major loss. CREDIBILITY ALLOWS SENIOR LEADERS TO PERFORM BETTER ON THE JOB Cybersecurity is a critical topic on every board's agenda as we continue to see stories about threats sneaking through technological infrastructure and impacting the customer experience on at scale. Leaders need the kind of "street cred" to effectively lead a dynamic, smart organization of technologists and operations professionals. Few have the kind of pointed knowledge to recommend, lead, or drive change toward a more secure work culture — only making it that much more critical. Those who can think technically while still demonstrating a business mindset will be best positioned to help their organizations succeed. Some of the strongest leaders and executives I have encountered are those who not only know what they're talking about, but also have a keen ability to explain the "why" of what they're talking about in terms that resonate with those who are unfamiliar with the subject matter. It is time for experts to direct the action instead of "actors." In the words of one of my mentors: "Leaders have followers. Managers just tell people what to do in a hierarchy." It's not enough to just know your stuff; you need to be able to equip others with that knowledge as well. That's what makes you indispensable as a leader. And with the average tenure of most cyber leaders at less than a year and a half, those of us in these positions can't afford to ignore that kind of reality. Commanding the space rather than putting yourself in a situation where you're forced to react isn't just good for the business but good for the leader, too. LEADERS CAN'T AFFORD TO IGNORE THE NEED FOR THIS KIND OF KNOWLEDGE Cybersecurity acumen is no longer specialized or reserved for only the educated few. This was reflected in a recent decision by the Securities and Exchange Commission requiring companies to report a material breach within four days of occurrence. While it did not specifically call for cybersecurity expertise in the boardroom for public companies, it has long been highlighted that only a small percentage of publicly traded companies have such expertise. Although the mandate ultimately didn't pass, this is a proof point of how seriously agencies and regulatory bodies are taking cybersecurity, and it is only a matter of time before this becomes the official guidance. Prioritizing risk management and assessment must come from the top down. Until CEOs and boards have prioritized learning more about these threats and how to mitigate them, organizations are leaving themselves and their businesses open to the potential for disaster. But the leaders who spend the time and effort to study the game, the players, and the playbook toward better threat protection will see the dividends for years to come. Read more about: CISO Corner ABOUT THE AUTHOR Erik Gaston CIO & Vice President of Global Executive Engagement, Tanium Erik Gaston is a chief information officer (CIO), vice president of global executive engagement at Tanium. He hass spent most of his career as a CIO/CTO (chief technology officer), leading large global organizations on Wall Street and in the tech and software-as-a-service (SaaS) space. See more from Erik Gaston Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. Subscribe You May Also Like -------------------------------------------------------------------------------- Vulnerabilities & Threats C-Suite Involvement in Cybersecurity Is Little More Than Lip Service Vulnerabilities & Threats Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update Vulnerabilities & Threats A Lesson From the CrowdStrike Incident Vulnerabilities & Threats Unexpected Lessons Learned From the CrowdStrike Event More Insights Webinars * 10 Emerging Vulnerabilities Every Enterprise Should Know * Simplify Data Security with Automation * Unleashing AI to Assess Cyber Security Risk * Securing Tomorrow, Today: How to Navigate Zero Trust * The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response More Webinars Events * [Virtual Event] State of AI in Cybersecurity: Beyond the Hype More Events EDITOR'S CHOICE A laptop on the table with software update progress bar on screen Vulnerabilities & Threats 5 Zero-Days in Microsoft's October Update to Patch Immediately5 Zero-Days in Microsoft's October Update to Patch Immediately byJai Vijayan, Contributing Writer Oct 8, 2024 4 Min Read Flags of Russia and Ukraine Cyber Risk EU Plans Sanctions for Cyberattackers Acting on Behalf of RussiaEU Plans Sanctions for Cyberattackers Acting on Behalf of Russia byJennifer Lawinski, Contributing Writer Oct 10, 2024 1 Min Read A face scan of Indian Prime Minister Modi Threat Intelligence AI-Powered Cybercrime Cartels on the Rise in AsiaAI-Powered Cybercrime Cartels on the Rise in Asia byNate Nelson, Contributing Writer Oct 10, 2024 4 Min Read Reports * Managing Third-Party Risk Through Situational Awareness Jul 31, 2024 * 2024 InformationWeek US IT Salary Report May 29, 2024 More Reports Webinars * 10 Emerging Vulnerabilities Every Enterprise Should Know Oct 30, 2024 * Simplify Data Security with Automation Oct 31, 2024 * Unleashing AI to Assess Cyber Security Risk Nov 12, 2024 * Securing Tomorrow, Today: How to Navigate Zero Trust Nov 13, 2024 * The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response Nov 20, 2024 More Webinars White Papers * Product Review: Trend Vision One Cloud Security * 2024 Cloud Security Report * IDC White Paper: The Peril and Promise of Generative AI in Application Security * SANS Security Awareness Maturity Model * How to Use Threat Intelligence to Mitigate Third-Party Risk More Whitepapers Events * [Virtual Event] State of AI in Cybersecurity: Beyond the Hype Oct 30, 2024 More Events DISCOVER MORE WITH INFORMA TECH Black HatOmdia WORKING WITH US About UsAdvertiseReprints JOIN US Newsletter Sign-Up FOLLOW US Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG. Home|Cookie Policy|Privacy|Terms of Use Cookies Button ABOUT COOKIES ON THIS SITE We and our partners use cookies to enhance your website experience, learn how our site is used, offer personalised features, measure the effectiveness of our services, and tailor content and ads to your interests while you navigate on the web or interact with us across devices. By clicking "Continue" or continuing to browse our site you are agreeing to our and our partners use of cookies. For more information seePrivacy Policy CONTINUE COOKIE POLICY When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. More information Allow All MANAGE CONSENT PREFERENCES STRICTLY NECESSARY COOKIES Always Active These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. PERFORMANCE COOKIES Always Active These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. FUNCTIONAL COOKIES Always Active These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. TARGETING COOKIES Always Active These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. Back Button COOKIE LIST Search Icon Filter Icon Clear checkbox label label Apply Cancel Consent Leg.Interest checkbox label label checkbox label label checkbox label label Confirm My Choices