Who is driving your IT security strategy?

  • Defining security policies and educating employees are only part of the security equation.

  • Treating security strictly as a technology problem makes hacking easier for cyber criminals.

  • CISOs bring people, processes, and technology together to reduce risks and improve information security.

If you have a sneaking suspicion your company isn’t doing enough to fend off cyber criminals, you are not alone. Only about a quarter of companies with 500 or more employees rated their security levels “completely satisfactory” in a recent CompTIA poll.

It’s hard to shake the sensation that cyber criminals can hack your systems no matter what you do. If you treat security strictly as a technology problem, you’re making it easier for the cyber criminals. Besides technology tools, you need well-defined policies and remediation procedures, as well as user education and enforcement. And you need a leader to drive your network security strategy.

That’s why more companies are hiring chief information security officers (CISOs) or chief security officers (CSOs). A CISO can add the requisite expertise and leadership to help your organization fend off cyber criminals, who constantly refine and improve their methods. With that in mind, here are the top three reasons to hire a CISO:

1. Expertise:

To defend against cyber threats, you must know what they are – and keep up with the evolution of the methods employed by cyber criminals. A CISO can stay abreast of current risks and measure the effectiveness of your company’s security policies and tools against those risks. Having a CISO may not prevent 100 percent of cyber attacks – let’s face it, nothing will. But CISOs bring expertise, planning, and accountability to an area that, if mishandled, can cause considerable pain.

2. Strategy:

A CISO makes decisions on which data and systems need what level of security and encryption, which groups of users should access sensitive data, and what procedures partners and suppliers should follow to securely access your systems. The CISO can have the authority to review all planned IT investments from a security standpoint, evaluate existing defenses periodically, and drive the planning, testing, and execution of remediation plans.

3. Accountability:

As the authority on all things security, the CISO is accountable for the effectiveness of the company’s security stance. That includes ensuring policies comply with privacy regulations and protect the company from negligence claims in the event of a breach. The CISO, however, shouldn’t be considered, or act like, a miracle worker. The CISO’s role ultimately is to assess risk, provide the best possible defenses, and ensure the company – having done all it could to secure its data – responds properly and promptly to a security incident.

No matter the size of your organization, it’s vital to ensure your security strategy complies with current regulations and is sophisticated enough to block cyber criminals. Learn how to protect your organization with AT&T network security solutions.


Pedro Pereira is an independent business writer and the author of this blog. All opinions are his own. AT&T has sponsored this blog post. 
