Over the last seven years, our role as Chief Information Security Officer (CISO) has drastically changed. According to our Microsoft Outlook Analytics client, more than fifty percent of our mail is spam from cybersecurity suppliers, trying to grab our attention by selling fear, uncertainty and doubt (FUD). Over the last decade, we’ve seen this industry explode with self-proclaimed “cyber pros” and fuzzy vendors in the cyber domain. Is this because
Author: owner
Is Digital Security a market for lemons?
Although information security has a long history, it wasn’t really top of mind for senior management, the Board or other employees until the late 2010s. “Security professional” became a real job and market demand has grown ever since. Awareness of security risks increased significantly. The driving forces for this were major security events such as Snowden, NotPetya and WannaCry shocking the world, but also regulators demanding that companies protect their critical
The silent enemy in cybersecurity
The importance of good security is usually only understood through hard lessons. Only after a disaster do people realise that it would have been wiser to think ahead and invest in security. Time and again, the naive expose themselves to major risks, only to admit afterwards that much of the damage could have been prevented by basic security measures. In current practice, security improvements are mainly aimed at implementing new
Which of these 4 CISO archetypes do you deserve?
Why is it that CISOs have such low retention in firms and leave after 1-2 years? Is this because recruiters and HR professionals find it hard to discover what is actually needed and “copy-paste” job profiles with the exact same requirements, rather than looking at the real need in the organization: M&A strategy, family business, scale-up phase, consolidation, preparing for the sale of the company, cultural differences, etc.? The
The ethics & economics of cyber risk
With regard to privacy, regulators are licensed to impose fines on underperformers. Shouldn’t that also be the case for cyber risk in general? Somehow the ethics and economics of cyber risk follow a different path. The regulatory imperative that acts as an incentive for improvement in many sectors seems to be non-existent when it comes to cyber risk. One might say that we need more incentives for maturing the analysis of
Breaking the perverse model
Too many people still think cyber risks are not real. “It won’t happen, because it has never happened before.” There lies the biggest challenge. The employees of a company pose a challenge for cyber-risk professionals: time and again they turn out to be the weakest link in the chain. There are also charlatans who appear on the market. Security is a growth market where a lot of money can be
Digital risks to business, what do they cost?
Analyzing Business Information Security for a data breach use case
In a digital business world that is highly distributed via an ecosystem, ensuring your digital assurance becomes vital. Everything needs to work continuously, and Confidentiality, Integrity and Auditability have to be assured, especially when your business is regulated and must demonstrate that it is “in control”. Nevertheless, how do we do that when business models are under fire from hackers? Hackers