Top 5 priorities for CISOs in 2022 (so far)
2022 has been a challenging year so far for security leaders as cyberthreats continue to evolve and emerging technologies bring new risks and opportunities alike.
Few senior-level business roles have changed as much in recent years as that of the Chief Information Security Officer. Once viewed as leaders of the department of ‘no’, today’s CISOs are under enormous pressure to align the needs of security with those of the business. To that end, they must earn a place in the boardroom by being viewed not as blockers of innovation, but as champions of it.
The role of the modern CISO is to champion innovation without adding risk. Given the dramatic rise of remote and hybrid workforces over the past two years, this is far more challenging than it was before – and more important too. In particular, remote work introduces some unique risks that must be mitigated by long-term solutions. After all, remote work has gone from being a necessity during the pandemic to becoming something that employees desire and expect.
Advancing cybersecurity skills
Although the global cybersecurity skills gap has narrowed in the last two years, there remains a shortage of 2.7 million skilled workers in the space. This, together with budgetary constraints, has forced many CISOs to rely more than they would like on technical measures alone. However, good cyber hygiene starts with people, which is why a top priority for CISOs must be to educate and upskill their teams.
Protecting hybrid workforces
2020 and 2021 were all about securing remote workers, which is something that many CISOs are still struggling with. However, the big challenge for 2022 and beyond will be securing the new, hybrid workforce. Remote work is here to stay, but people will also return to the office, further blurring the lines between traditional office work and the new way of working. This means CISOs will have to support an even more disparate array of technologies and processes.
Balancing security with usability
Supporting a user-friendly experience while upholding the demands of information security is one of the longstanding challenges that CISOs have to face, and it is not getting easier. For example, people are accustomed to using instant messaging and social media in their personal lives, so having to use completely different tools at work can hinder productivity and morale. CISOs need to strike the optimal balance by adopting secure but user-friendly solutions.
Automating security workflows
Increasing technological complexity has made it a practical impossibility for security leaders to keep tabs on all potential threats at all times. The amount of data reported by user access logs alone is often too great for human comprehension. This is why CISOs need to prioritize automation and machine learning so they can free up time to focus on high-level analytics and operations that require a human touch, such as training and awareness.
Implementing zero trust solutions
The zero trust approach to security follows the notion that one should never trust and always verify any request to access a particular network, application, or data asset. Ideally, it should be implemented at the application and data level to prevent attackers who are already in the network from getting any further. This is especially important now that employees access the systems and data they use for work from a myriad of different devices, often from unrecognized networks.
Worldr helps security leaders mitigate the risks posed by third-party threats by bringing zero trust security to Microsoft Teams.