CISOs: What’s at the Top of Your Cybersecurity List?

While the mainframe may be the most securable platform on the planet, it doesn’t come that way automatically. As the bad actors get smarter and threat vectors increase, the mainframe is at risk for data breaches and other incidents like any other server. Whenever my team and I carry out security assessments and penetration tests, we inevitably find gaps and identify vulnerabilities; we almost always find a way in. And if we—the good guys—can get in, so can the criminals, fraudsters and blackmailers. Backdoors fuel ransomware.

Today’s CISOs recognize the threats and, more importantly, recognize the need to take action. Stolen and compromised credentials, phishing and exploiting vulnerabilities head the list.

The Verizon Data Breach Investigation Report 2022 (DBIR) reported that “ransomware has continued its upward trend” with a 13% increase, in many cases using personal credentials and exploiting vulnerabilities. Human error is also a threat—in misconfigured cloud storage, for example—as we increasingly embrace a hybrid model. While internal threats clearly exist, DBIR also reported that breaches and compromises are “considerably more likely to result from external attacks” (73% compared to 18% internal).

A Million-Dollar Race to Detect and Respond

IBM has described the cybersecurity challenge faced by CISOs as a “million-dollar race to detect and respond.” Its Cost of a Data Breach Report 2022 found the average time to identify and contain a breach was 277 days: 207 to identify, 70 to contain. It reported the biggest threats were posed by phishing attacks, stolen or compromised credentials, cloud misconfiguration and compromised business partners. As for the financial impact, in terms of ransomware, the average cost of a data breach in the U.S. was $944 million; the global average total cost was $4.35 million. And of course, financial risks can be matched if not exceeded by the potential reputational damage to an organization and its brands.

Since the stakes are so high, what should be front of mind for CISOs and their teams in 2023? A survey from Evanta, the Gartner company for communities of C-level execs, indicated the top priorities for CISOs are:

  • Cloud security, strategy and architecture: e.g., misconfigured cloud storage, with threats posed by a lack of skills and resources in an increasingly hybrid landscape
  • Third-party risk management: Mitigating risks from third parties is a major goal, with obstacles including a lack of resources
  • Measuring and communicating the risks effectively, especially to other C-level leaders and the Board in general
  • User access issues/identity and access management (IAM): Stolen, compromised and elevated credentials continue to pose a major threat
  • Effective security operations: There’s a continuing need for clearer and more focused security and risk management, incorporating people (the necessary skills), the right processes and advanced technologies, including AI and automation

Outsourced ICT and Third-Party Governance

We also operate in an increasingly complex and confident regulatory landscape. Recently, notable cyberattacks have come via third parties and supply chains, and managing third-party risk is a key element of a new EU regulation—and particularly relevant for financial services. The Digital Operational Resilience Act (DORA) may prompt some CISOs in the coming months to perform security assessments and carry out security improvements, with a renewed focus on system backup and recoverability. DORA aims to solve a specific issue in financial regulations, covering aspects of operational resilience beyond capital allocation alone; in effect, cyber resilience. Financial institutions will be required to manage risk and adhere to rules (including incident reporting and testing) in protection, detection, containment, recovery and repair activities around ICT-related incidents. The act is enterprise-wide and affects all platforms, including the mainframe, and includes specific powers around outsourced ICT and third-party governance.

DORA came into force in January 2023, and financial entities are expected to be compliant by early 2025. Something else that needs to be added to the list.

AI and Automation for a Complex World

As IBM says, “days saved are dollars saved” when it comes to a breach: The average savings of containing a data breach in 200 days or less is $1.12 million. One development in particular can play a massive role in identifying attacks and speeding up responses.

As with other aspects of modern life, AI and automation in enterprise and mainframe cybersecurity are becoming commonplace as attacks grow in volume, complexity and impact. Because we’re suffering from shortages in security people, skills and resources, we need to do more with the technology at our disposal. AI allows us to sort through huge quantities of data to better understand the threats and the risks, revealing unseen connections and helping detect, protect and respond to threats far faster than ever before.

IBM’s Cost of a Data Breach Report says organizations with fully deployed automation and AI could identify and contain a breach some 28 days faster than those without, and reduce costs by more than $3 million in the process. Even organizations with partially deployed AI and automation “fared significantly better” than those with none.

Connecting the capabilities of AI and automation with new approaches—for example, in continuous file integrity monitoring and forensics or network micro segmentation to fully understand network traffic and ensure compliance with regulations and standards—creates opportunities for CISOs to address the complex and competing challenges they face, while working toward a zero trust stance and improved cyber resilience.