IT’S TIME FOR CISOS
TO LOOK BEYOND
THE FIREWALL
Enterprises across all sectors are now facing a
new, expanding, threat landscape where security
challenges extend well beyond a company’s perimeter
firewall. As this expansion continues, building a better
defence with point solutions will no longer be enough
to efficiently protect organisations from cyberthreats,
warns Fabian Libeau, EMEA VP, at RiskIQ. He talks
to us about the challenges facing modern CISOs and
what is needed to counter them.
T
he Chief
Information
Security Officer’s
(CISO) role is
going through
a period of
transition. The
number of security breaches over the
last year is unprecedented and growing,
clearly demonstrating the need for a
re-evaluation of current security thinking.
The required changes must be driven
top down and apply across the whole
organisation, with the CISO acting as a
key enabler.
As organisations move their customer
and partner interactions online with
unprecedented speed in their quest to
remain competitive, an unfortunate result
is that their digital attack surface often
grows to an unmanageable size. Modern
CISOs are responsible for curbing
62
the inevitable increase in the risk of
data theft, operational disruption and
brand erosion, as well as employee and
customer compromise.
As digital assets across web, social and
mobile platforms become prime targets
for cybercrime, CISOs must find ways
to not only defend their digital assets
residing on their own networks and
endpoints but also their often overlooked
digital assets residing outside the
corporate network.
Today, spotting cyberthreats lurking on
the Internet requires a level of visibility
that most organisations lack. Successful
CISOs are those investing in surveillance
and reconnaissance tools that can show
how their digital attack surface appears
to attackers; a collection of widely
dispersed digital assets that can be
exploited in a variety of ways.
Fabian Libeau, EMEA VP, at RiskIQ
Beyond the firewall
For many organisations, digital channels
have overtaken more traditional channels
in terms of customer preference and
engagement. While this brings extended
reach, lower cost and, for smaller
organisations, levels the playing field
against bigger competitors, it also brings
new security challenges.
Indeed, threat actors are undertaking
reconnaissance on the digital presence
of organisations; their registered
domains, websites, email systems and
other Internet exposed infrastructure,
looking for vulnerabilities to exploit.
In addition to direct attack, another
common tactic is the impersonation
of the organisation and its brands on
Issue 09
|
www.intelligentciso.com