News Feature | July 5, 2016

Helping CISOs Overcome Cybersecurity Solution Fatigue

By Christine Kern, contributing writer

Report provides strategic recommendations to ensure optimal security.

Every Chief Information Security Officer (CISO) knows an organization’s network is only as secure as its most vulnerable connection, making cybersecurity a fundamental component in managing valuable information. But the rash of malware, ransomware, APTs, and other malicious initiatives launched by cyber criminals has made the role of the CISO critical to the overall security of organizations. The escalating number of data breaches over the past five years has led 54 percent of organizations to implement the role of CISO within their executive structure, charged with navigating the constantly changing threat landscape and security challenges.

The worldwide cybersecurity market is estimated to reach $155 billion by 2019, according to a report from Markets and Markets, with next-generation cybersecurity spending reaching as much as $20 billion in the next three years, as FBR Capital Markets predicts. And, according to CB Insights, investors funded nearly 1,200 private cybersecurity startups with over $7.3 billion between 2010 and 2015, each of which is aggressively working to push its competitors out of the marketplace.

The reality is that many CISOs face the unrealistic expectation that they should be able to fend off every attack with a finite budget. Due to a variety of factors, CISOs combat information overload and vendor solution overload on a daily basis and must learn how to prioritize and communicate strategically to be effective in their role.

CISO Solution Fatigue – Overcoming the Challenges of Cybersecurity Solution Overload, an ICIT study, examines the growing phenomenon of solution overload and provides strategic recommendations for CISOs and the vendor community to overcome this obstacle in order to ensure optimal security for the organization. Specifically, it covers the factors that contribute to solution overload, how to properly address organizational needs, how to communicate effectively across the organization, and return on investment.

CISOs are often forced into the position of sorting the wheat from the chaff, weeding through hundreds of company pitches for security tools and solutions to determine which single solution is right for their organization’s needs. A savvy CISO can overcome solution overload “by altering the business model to value long-term stability over short-term potential gains.” CISOs should delegate responsibility for evaluating pitches and tools, allowing the CISO to focus on development and alignment of the strategic vision of the security program to the business mission, policies, procedures, and guidelines of the organization.

The report also suggests, “CISOs can reduce solution overload by ignoring the hype surrounding a solution, and instead looking for the value offered. An easy rule of thumb is to look for solutions instead of products.” Vendors, in turn, can shift their pitches to highlight solutions rather than specific products, and so better win over CISOs who may be inundated with potential options for their security needs.

The study concludes, “Every CISO must combat information overload and vendor solution overload to possess the information necessary to effectively communicate with the board and ensure optimal security for the organization. Paradoxically, vendor solutions must be drawn from the overabundant ocean of options, coherently rationalized to the board, and then implemented to prevent information overload. The real solution is a knowledgeable and discerning CISO who is capable of identifying and adopting the best solution for their organization.”