Janelle Drolet
It’s a sad fact of doing business – criminal hackers are continuously evolving their tactics to breach defenses, steal intellectual property and deploy ransomware. To combat them, a business needs leadership capable of keeping the company’s security controls ahead of the threats. The cat and mouse game of cybersecurity is won by the most adaptable foe.
In this environment, hiring a virtual chief information security officer presents an extremely compelling value proposition, since they are capable of restoring confidence in an organizations IT security while addressing the risk posture as needed. With businesses facing more malicious adversity than ever before, this is the perfect time to consider adding a virtual CISO to your team.
Here are five reasons why threat actors are enjoying such a high success rate and how a vCISO is positioned to counteract them.
- An expanded attack surface
In 2020 the Covid crisis forced millions of workers across the globe to relocate their workplace to remote home offices. In this mad scramble to support a 100% remote workforce, many IT departments sacrificed cybersecurity for the sake of business continuity. As employees started to connect to the corporate network from home, they introduced a number of potential security vulnerabilities, including personal devices, unsecure Wi-Fi and unpatched systems.
How a vCISO can help:
vCISOs have vast experience and proven leadership in crisis situations. Many carry decades of experience and a superior track record of reducing cyber risk and improving cyber resilience for Fortune 500 companies. In addition, they are well-positioned to train internal security staff.
- Evolving scamming techniques
While the network economy brought many benefits, it also brought with it a tidal wave of false content and phishing scams. Insurance and financial service providers have reported that fraudsters are employing all the available scamming tools — phishing emails, fraudulent identities, as well as smishing (SMS phishing). The Federal Trade Commission (FTC) is estimating that coronavirus scammers
may have already made $100 million off stolen stimulus checks, mortgage scams and more.
How a vCISO can help:
The vCISO role means staying up to date on the latest trends and technologies to combat the epidemic of phishing attacks. Using a combination of phishing simulators and a human-centric approach to educating users, vCISOs raise security awareness throughout the organization, protecting it from human-related causes of cyberattacks.
- Shifting priorities, budgets and resources
In the world of IT, big changes can happen quickly without warning. Approximately 47% of cybersecurity teams were reassigned to general IT tasks during the pandemic as a means to ensure business continuity. Sudden priority shifts can happen at any time even though the IT environment demands that security controls remain robust.
How a vCISO can help:
Simply stated, a vCISO provides reduced overhead. They can be recruited on-demand and come without the costs associated with a full-time employee; namely: health insurance, worker’s comp, payroll, benefits and related HR costs. This reduced overhead gives organizations increased budgetary flexibility and the ability to pivot as needed.
- Increasing skills shortage of cybersecurity professionals
According to Microsoft, there will be 3.5 million cybersecurity jobs open globally by 2025 – a 350% increase over an eight-year period. The problem is this job creation is outpacing talent creation by a 3 to 1 ratio right now.
Organizations lack expertise in areas including cloud security, incident response, threat intelligence, security operations and more. Credible cybersecurity leadership is also hard to find, since these professionals are in extremely high demand.
How a vCISO can help:
vCISOs have a distinct advantage — no training required. vCISOs are already well-versed in day-to-day responsibilities and have in-depth knowledge of current trends, regulations, standards and expectations from management. A vCISO is also the ideal candidate for businesses that do not have the time, resources or motivation to train someone for the role.
- Small to Mid-Size Business as vulnerable as large enterprises (if not more)
Research indicates the smaller the organization, the smaller the focus on cybersecurity. Unfortunately this perception does not match the threat reality as analysts are increasingly seeing lesser-known smaller companies being targeted by hackers, especially those that are linked to larger, influential companies. Not only do SMBs have desirable data, but they are also easier to attack because they lack the resources to defend themselves. When SMBs are hacked, high profile companies that work with them may also be compromised.
How a vCISO can help:
A vCISO is available for fast on-boarding and will hit the ground running. Sourcing, building and retaining the right security leadership requires a lot of time and commitment, especially given the tight labor shortage of skilled CISOs and cybersecurity talent. When organizations are suffering from attrition or a security incident, a vCISO can immediately step in and fill the void in leadership.
Securing a vCISO for your organization
There’s no universal standard for hiring a vCISO. Organizations can set up a retainer for a certain number of hours, hire someone on a project basis and/or even buy a chunk of support hours and use them as needed.
The average salary in the U.S. for a CISO falls in the range between $193,000 and $255,000. Yet a vCISO costs significantly less than that due to how contracts are written; one can expect to save at least 35-to-40 percent.
Until a new generation of security graduates matures, the vCISO may be your best solution for handling security risks.
About the Author
Janelle Drolet is Director of Sales for Towerwall, a specialized cybersecurity firm offering compliance and professional onsite services with clients such as Foundation Medicine, Boston College and Middlesex Savings Bank. Founded in 1999 in Framingham, MA, Towerwall focuses exclusively on providing businesses customized cybersecurity technology and programs.
Contact : janelled@towerwall.com
Linkedin: https://www.linkedin.com/in/janelle-drolet-802363b1/
Twitter @towerwall