While a relatively new role in most organizations, Chief Information Security officers (CISO) find themselves and the subject of much discussion that's unlikely to abate as security remit expands as more and more organizations become connected and data driven.
Much of the discussion surrounding the role is mostly centred on CISO plans to tackle threats to their existing networks but the real debate is how CISO plan to tackle the 7 headed monster that is the Internet of Things (IoT). There isn't an organization in modern business that isn't data driven and with the increased adoption of the IoT, CISO's and their organizations across the board not only have to find ways to at once store and exploit the influx of data generated by IoT enabled devices but secure the network from threats.
In truth it's a baptism of fire for CISO's as the role is largely a sharp reaction by organizations to stem the recent rash of data security breaches which has gained CISO's a lot of attention from the press and significantly large budgets to play with to stem the growing tide of expensive and humiliating data breaches.
However, despite larger budgets CISO's face significant challenges mostly posed by their superiors. According to a survey carried out by the Ponemon Institute, an incredible 72% of CISO's said that it's been 12 months since their board directors has been informed of their organization's cybersecurity strategy and 66% believe their leadership don't see IT security as a "strategic priority" and need more staff with solid skills and experience. All this explains why, according to the survey, CISO's are pessimistic about their organization's ability to keep secure with only one third of CISO's believing that their organizations can deal with the security risks attached to the IOT.
It's no surprise that so far CISO's are so pessimistic as they have found it difficult to secure the as the has proven to be dangerously vulnerable to breaches. This is a major concern among CISO's and organizations invested in the technology as the scale and almost infinite applications of the IoT make it a big target for hackers which is terrifying as is being used to connect everything from cars to household appliances to the internet and each to other.
While the Internet of Things is currently a B2B/B2G technology, the increased use of the technology in consumer goods such as wearable tech and smartphones will dredge up privacy and security debates that have increased in ferocity since the Snowden revelations. The recent skirmish between the FBI and Apple will be nothing compared the potentially nasty legal battles between organizations and law enforcement agencies looking to track suspects
All of the above will surely keep CISO's up at night as they really can't afford to get the wrong as the implications of doing so are wide ranging and to a certain degree, unknowable. Unfortunately, getting the wrong will almost certainly cost CISO's their jobs and a king's ransom in legal fees as CISO's are often the target of lawsuits after a breach so much that insurance companies have created insurance products which covers security professionals against large data breaches.
In sum, CISO's go to work with a big target on their back and with the increasing adoption of IoT among enterprises and consumers, that target will only get bigger.