Author: Mark Ward, Senior Research Analyst, ISF
07 Sep 2020

Scammers, cyber-thieves and computer criminals are not far behind pornographers when it comes to exploiting technology innovations for their own purposes.

Every time technology takes a leap forward, enterprising hackers soon find ways to exploit any capabilities.

In the 1990s when I first got involved with technology and security, the hackers I talked to and wrote about were usually more interested in satisfying their intellectual curiosity or exercising a bit of teenage bravado than making money.

Nowadays, it’s just malice and money. All the time.

The arrival of the web, wi-fi, word processing, SQL and many other technologies kicked off a flurry of scams that chief information security officers (CISOs) were asked to deal with.

Criminal innovation has kept up with more recent technological developments such as the app economy, big data, the internet of things and pretty much everything else. No doubt, it’ll continue as AI and Machine Learning take off and Edge computing gets going.

And it doesn’t stop with the abuse of technology. All those innovations endow businesses with many more opportunities than they do risks. Again, it’s the CISO who generally has to worry about how to handle those threats so the business can use the technology to prosper.

One big worry is helping to handle digital transformation – when organisations commit to an ongoing programme of swift technologically-led change in a bid to shake up the way they work to become more responsive to customer demands and market realities.

The realisation of just how much CISOs have to manage struck me as I researched and wrote the Becoming a Next-Generation CISO briefing paper. It brought home to me how well-versed in technological innovations, and ways to exploit them, CISOs and their teams must be to do an effective job.

They have tech to help them, of course, and the other constant alongside the rising tide of cyber crime has been the growth of the technology security industry. But there too CISOs have to be knowledgeable and ensure any tool they commit to using does the job its creators claim it does and that it is properly set up and managed.

There are other significant pressures in terms of handling more and more regulations, coping with stress and managing a career. Externally, internally and personally, CISOs are feeling the pinch.

In the face of all that change CISOs have not stood still. The people fulfilling the role are far more knowledgeable and involved with the business than their forebears ever were.

And many of them have pioneered innovative ways to cope with the burden of their relentless responsibilities – these are the next-generation CISOs.

Broadly, their key characteristics break down into six categories that the Briefing Paper dealt with in some detail.

Top of the list is helping organisations make the most of their opportunities while coping with the risks they introduce. It’s key because it allows the CISO to use their experience to advise different parts of the organisation about how to make good use of the latest innovations and manage the risks they introduce.

Next-generation CISOs use this position and become a trusted advisor to any and every part of the organisation. Its evidence of how CISOs have changed and the respect they are starting to get because of their insights, experience and help they can give.

Over a 20-year period CISOs have become masters of change – a trait that equips them well for the future as more and more organisations look to re-shape themselves to cope with these turbulent times.

CISOs seeking help to refine their approach can consult the Next-Generation CISO briefing paper that has advice on how they can get started on expanding their skill set.