3 Essential Things That the Modern CISO Needs to Know
How to survive in a world of AI and Zero Perimeters
Hard to believe that 2024 is just around the corner
Where did this year go ?
I feel it was just Dec 2023 and I was writing down my goals for the coming year
This year could be called the Year of AI as the entire world went collectively insane over AI and its implications
Cybersecurity was no different as we had to adjust to a new world filled with GenAI content and general craziness
As we struggle to adjust to this new reality .. the amount of information being thrown at us can seem overwhelming !
Hence it is essential to drown out the noise and focus on the key areas
Here are 3 priorities I believe every CISO should be thinking about going into 2024
1 — Start thinking of Models instead of Products
“The Network Perimeter is gone”
“Machine Learning powered Threat Intel is needed”
“Zero Trust is the future”
The same old jargon is thrown about every year
At the end of the day .. the person then (usually) recommends a product that will magically solve all these problems
Instead of thinking about products .. think about models
Can you visualize your entire cybersecurity framework on a single whiteboard ? ..
I try to do this once a year to make sure I know how everything is working
The modern CISO needs to pivot away from buying the next hot product and think about security models where each product solves a particular problem
Instead of thinking how do I implement X product to solve Y problem .. think how does my model solve Y problem and which solution can help here ???
This may seem controversial but you do not need to buy something to implement something like Zero Trust .. you just need to know how to re-architect your network to follow its principles
Products come (much) later !
2 — Start using GenAI instead of trying to control it
The rise of GenAI has been a sight to see
The world is fundamentally different from what it was just 18 months back
But CISOs are still trying to tame this beast instead of becoming friends with it
Think of dumping your session audit logs on an on-prem GenAI model and getting an automatic intelligent summary emailed to you
Think of an AI chat bot that answers users’ queries on cybersecurity and helps them make good cybersecurity choices
Do not get me wrong .. it cannot be the wild west when it comes to using GenAI but do spend an equal amount of time thinking about how to harness its power also !
3 — Your Security Awareness Material Is Useless
I hate to tell you this but your security awareness program is completely useless now
Yes the one you spent months updating and which covers phishing attacks, strong passwords, not clicking on malicious links etc.
Attackers are not stupid and have moved on
New attacks will involve deepfakes, audio and video content
Can your staff tell the difference between a deepfake of the company CEO and a real one ??
Are they educated in the tell-tale signs of a deepfake attack ?
The age of checking typos in email messages to detect phishing attacks is long gone
Simple phishing simulations will no longer cut it
Overhaul your cybersecurity awareness program today or risk your staff getting socially engineered by new types of AI attacks.



