Latest endangered species: Chief Information Security Officers at major corporations

by WorldTribune Staff, May 30, 2023

A cyber cold war is playing out at major corporations as those on the front lines fighting hackers, who have become even more of a threat due to AI tools such as ChatGPT, are quitting in droves.

Already highly stressed Chief Information Security Officers (CISOs) are placed under “greater and greater pressure” to fight off hackers “with shrinking budgets, skeleton crew staff and a conglomeration of security tools and protocols — so much so that they are increasingly up and quitting,” SDX Central reported on May 29.

Analysts say what is being dubbed the “Great CISO Resignation” is concerning as fewer and fewer officers are left to guard the gate and rally the troops.

“The CISO is the leader of the front line of defense against threat actors,” said Rick Crandall, chairman of the National Cybersecurity Center’s Cyber Committee. “Like any organization, without a leader, important things don’t get managed, motivated, measured and corrected.”

Recent research from anti-data exfiltration and ransomware prevention company BlackFog revealed that 32% of CISOs or IT cybersecurity leaders in the U.S. and UK were considering leaving their current organization.

Nine in 10 CISOs report being “moderately” or “tremendously” stressed, according to another study, and average CISO tenure is just two years and two months.

An analyst on LinkedIn noted that what the SDX article “doesn’t pick up on is the fact that CISOs at any publicly-traded company (and in my estimation, any private company with a few hundred employees) are either forced or pressured to disclose any tiny mistake on their end when it comes to cybersecurity. The SEC wants to force CISOs to write detailed reports to regulators 48hrs after the *detection* of a breach to their company’s network.”

The analyst added: “AI is new and the legitimate uses to stop cybercrime haven’t been tapped yet. Criminals, though, are using AI all the time for cyberattacks with no worries of regulation.”

The SDX Central report notes that CISOs have also voiced concerns over a “general lack of qualified team members.”

Over an eight-year period, the number of unfilled cybersecurity jobs grew by 350%, from one million positions in 2013 to 3.5 million in 2021. That number is expected to hold out to 2025.

“Organizations are increasingly under attack, and with short staffing, their vulnerability only increases — less than one in 10 organizations are equipped to deal with an attack from professional cybercriminals,” the report said. “In fact, 100% of CISO respondents to one recent survey said they needed additional resources to adequately cope with current IT security challenges.”

Many corporations and government entities now believe that “cyberthreats are the top risk they face,” Crandall said.

In the end, Crandall said, it takes leadership from the top. Since the whole organization doesn’t report to the CISO, their authority must come from CEOs and other C-suite members who are asking questions and making decisions on how to move forward.

“In final analysis,” he said, “the buck stops at the CEO — not the CISO.”

