You need to have a chief security officer. There are no room for excuses anymore. And lots of companies have introduced it, calling it CISO, Chief Risk Officer or Data Security Officer for example.
Still, many lack the role. Not least smaller companies.
Lacking a C-suite person focusing on security is an unnecessary risk for your organization.
There are more and more identities to keep track of. Not just people, but machines, devices, entities. Everything will soon be connected. And someone in your organization needs to be on top of this.
All identities, digital and analog need to be authenticated, secured and stored in an effective way.
But it is not only because hackers and other criminals are planning attacks. Legislation in the area of data security is being strengthened both on a national, EU and global level. If you don’t start taking control of these issues, you will have a massive work to do when the new legislation is here.
And it is also about competence. We still come across IT professionals who think that username and password is sufficient protection of critical resources. For us it is like opting out of a burglar alarm and leaving the windows of the office ground floor open at night.
Having a bird’s eye view of your digital and physical infrastructure, data, employees, devices, partners, visitors and current and coming legislations is too much responsibility for a more general CIO. You need a dedicated C-suite person for this. Otherwise you will at some point start missing threats.
This issue could be even more pressing for those organizations that have merged with other entities. Often following this, you will have different legacy systems from each of the merged entities. This could pose serious security challenges. One employee or partner could have one access level in one system and another level in the other system. Names could be misspelled between systems and create confusion and holes open to breach.
Regardless if you have merged with others or not. Regardless if you have had breaches in the past or not. You need a CISO now. Whether you call the person Chief Information Security Officer or something else is not important. What is important is that you know who enters the door, both metaphorically and literally speaking.
Things will only speed up from here. Security challenges will become even more urgent and complex. Coming legislation will be tougher to comply with. There are no reasons not to put out a job ad for a CISO today.
Oh, and if you want our advice on what to look for in a CISO, contact us and we will do our best to share our experience!