The 2014 CISO Assessment, released by IBM in partnership with the Center for Applied Insights, sheds light on the challenges security leaders expect to face in the next three to five years. Sophisticated external threats followed by regulations and standards are among the top challenges for chief information security officers (CISOs), according to the study.
External threats are on the rise
80% of the 138 security leaders interviewed have seen the external threat increase in the past three years, while 60% said that the sophistication of attackers was outstripping the sophistication of their organisation’s defences. Half of the security leaders interviewed believe that external threats will require the most organisational effort to address over the next three to five years.
Uncertainty about government action
Almost 80% of respondents said that the challenge from government regulations and industry standards has increased over the past three years, and 60% are uncertain about whether governments will handle security governance on a national or global level, and how transparent they will be.
Only 22% think that a global approach to combating cyber crime will be agreed upon in the next three to five years.
The CISO’s influence is growing
A key finding of the 2014 CISO Assessment is that CISOs are obtaining more power – a shift that reflects the need to address the more challenging external threat landscape.
90% of security leaders strongly agree that they have significant influence in their organisation.
71% of the respondents strongly agree that they are receiving the organisational support that they need, and 62% said that they develop their security strategy in conjunction with other strategies (primarily IT, risk and operations).
New security technology – top focus area
More than 70% of the respondents see themselves as very mature with regard to network intrusion prevention, advanced malware detection and network vulnerability scanning, while 28% identified data leakage prevention, Cloud security and mobile/device security as the three areas most in need of dramatic transformation.
72% of security leaders said that real-time security intelligence is increasingly important to their organisation.
75% of security leaders expect their Cloud security budget to increase or increase dramatically over the next three to five years.
Less than half of the security leaders said that they have an effective mobile device management approach.
Finding a solution
Dealing with the rising cyber threats and responding to regulatory pressures, in addition to deploying new technology and improving internal skill levels, requires a holistic approach such as that provided by ISO 27001.
ISO 27001, the international information security standard, sets out the best-practice requirements for implementing an information security management system (ISMS), “a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization’s information security to achieve business objectives”.
An ISMS encompasses people, processes and technology, and helps you coordinate all of your security efforts (both electronic and physical) coherently, consistently and cost-effectively.
Furthermore, as an internationally recognised standard, ISO 27001 can help organisations create a framework for complying with regulations and standards on a global scale.