In years past, the CISO was responsible for putting in place the necessary processes, people, and technology to protect a company’s data. But this has since changed. Today, the threat landscape is ever-evolving, becoming more sophisticated every day. In addition, organizations face more complexity in their IT and OT environments as the digital attack surface expands. Meanwhile, a cyber skills talent gap continues to affect organizations around the world. All of this means that cyber risk continues to escalate. As a result, cybersecurity has become everyone’s responsibility, especially that of business leaders outside of IT.
Rafi Brenner, VP of Information Security at Fortinet, offers his perspective on how the role of the CISO has changed, key challenges CISOs are facing today, and some interesting technology leadership projects his team is working on at Fortinet.
Rafi: Many organizations now have an understanding that information security is not just an IT or infosec matter. Instead, cyber risk is a risk to the business, hence it requires the attention of the executive team and the board. CISOs should play an active role educating the executive team and the board about risks to the business that could result from a cyber breach as well as on new regulatory requirements and customer expectations. They should also establish regular discussions about key programs and investments needed to prevent and respond in the event of a breach. Gone are the days that if you get breached, the only person responsible to respond is the CIO or CISO.
Because of the operational and financial impact of a security breach as well as regulatory and government regulations, business leaders are now taking a more active role in understanding their security posture and readiness to respond to a cyber incident. Boards and executives are much more familiar with how a cyber risk could quickly become a business risk. The impacts of various ransomware and supply chain attacks are good examples of why they are asking for input on whether a mature security program exists. They understand how a breach can affect operations, the reputation, and the brand of an organization. By establishing an open and continuous dialogue with the board and leadership, CISOs can get the support needed to implement an effective and robust program aligned with strategic business objectives and key risks.
Rafi: For years, CISOs knew that the perimeter of their network and the assets they needed to secure were in their data center for the most part. The new "perimeter" is every data center or cloud where organizations are hosting an application, every employee home office, and every employee device. The new perimeter is very dynamic, virtual and ephemeral. This change has created several challenges from a cybersecurity and visibility perspective. How do you know what your IT assets are if they constantly change? How do you maintain visibility and make sure your assets are secure and compliant?
Rafi: The information security team at Fortinet is an early adopter of our own technology and solutions in a program called “Fortinet on Fortinet.” As part of this program, the team tests, implements, and provides feedback on new products, features, and capabilities that Fortinet’s product development teams release. This is exciting for two reasons. We get the latest and greatest technology, but we also get to provide valuable input to the product development roadmap that helps both Fortinet and our customers. When talking to customers, we share our experience in implementing Fortinet products, solving security challenges and running security operations. Peer-to-peer conversations in an informal setting are beneficial for both sides.
Rafi: Security orchestration, automation and response (SOAR) comes to mind. If done well, it pulls together an organization's tools, helps unify operations, reduces alert fatigue, enables context switching, and can reduce the mean time to respond for incidents. For example, FortiSOAR is a great platform to scale security operations by automating the most mundane tasks and enabling organizations to respond to alerts and incidents at machine speed, while freeing analysts to handle the most challenging incidents. The only effective way for a SOC team to handle the exponential increase in alerts is with automation, and that’s precisely where FortiSOAR shines. In security operations it is imperative to have the machines do what machines do best and have analysts focus on challenges that require unique skills that only humans have. As artificial intelligence and machine learning continue to mature we’re going to see more and more applications that will enable SOC teams to handle an even higher volume of alerts, not only with faster speed, but also with the correct response.
Rafi: One of the key challenges that many CISOs face is that most security organizations run 30-40 different security products, creating both an integration and a training challenge. The proliferation of point solutions adds significant complexity and can negatively impact the ability to detect, contain, and respond to a cyber breach in a timely manner. In addition, the implementation and the operation of disparate solutions require a larger number of resources, which becomes an acute problem when budgets are tight and talent is difficult to find or retain. CISOs should look for vendors that help reduce the complexity of their operations by either implementing platforms that address multiple security needs or solutions that are simpler for security professionals to integrate and manage.