Rethinking the Role of CISOs in 2022: What Experts Say?
CXOToday asks security experts what 2022 has in store for CISOs and how the role of security leaders will evolve in the coming year.
The new world we’ve found ourselves living in since the global pandemic struck in 2020 has been particularly beneficial to cyber criminals, who adapted their attack strategy to exploit practically everything from vaccination mandates to elections and the shift to remote and hybrid work, and more. This exacerbated cyber threat landscape resulted in record-high figures of ransomware attacks and data breaches across the world, and there is, unfortunately, no sign of this letting up as we head into 2022.
What this means for the enterprise is that cybersecurity has now been elevated to the top of the business agenda, making the role of chief information security officers (CISOs) more important than ever. And as organizations go digital, remote and hybrid, the CISO’s role will continue to evolve from behind closed doors to a more strategic and influential one.
Therefore, to succeed in the post-pandemic era, CISOs must rethink their security strategies and stay abreast of the latest cybersecurity trends to navigate a new threat landscape.
Acting as influencer and educator
“In recent times, the explosion of applications and transition to hybrid work models has provided organizations with endless opportunities to transform, impacting everything, from the emergence of new business models to enhanced customer experience. Simultaneously, it has thrown light on the criticality of modern cybersecurity technologies and elevated CISOs’ role within an organization because as we digitize, the threat landscape continues to evolve. Today, organizations face multiple challenges while operating in this environment, including complexity in connecting users to applications and data across various cloud platforms. Zero-trust framework, cloud-based security technology, and intelligent security automation have become vital tools in the CISO’s arsenal. For CISOs to continue to navigate the threat landscape, they must consistently reinvent and implement more sophisticated defence strategies in 2022 to mirror the increasing sophistication of the methods used by hackers. This means CISOs will have to be both influencers and educators, as they are now on the leading edge of the strategic decisions being made in organizations. CISOs’ role will gain more prominence from CEOs and boards, and they will be the key enablers of digital business and accountable for helping organizations balance the associated risks and benefits.” – Vishak Raman, Director, Security Business, Cisco India and SAARC
Building a security first approach across organization
“The role of the CISO is changing as cybersecurity moves up the corporate agenda and cybersecurity becomes the digital equivalent to business risk. In 2022 and beyond, the role will focus on security transformation as the lead for digital transformation across a business. It will identify and address the security risk associated with a shift in digital approaches and adoption. It will also be responsible for ensuring a security-first approach is adopted across the business, that employees are educated and prepared to play their part in protecting the organization from identity vulnerabilities or credentials theft. The CISO will be responsible for looking to the future to identify how the business maintains a robust cybersecurity posture by scaling its cybersecurity solutions as the threat landscape evolves and adversaries further develop their tools, techniques and procedures (TTPs). Finally, it will promote the power of crowd within the organization to ensure the business has access to the best autonomous solutions being augmented by global threat intelligence and human threat hunting to stave off even the most sophisticated of attacks.” – Jagdish Mahapatra, Vice President-Asia, CrowdStrike
Making ‘Protect and connect’ the new business mantra
“The new mantra for today’s CISO is to ‘protect and connect’ which is seemingly contradictory. Yet that’s the new reality CISOs have to live with as the security leader’s role has expanded to a great extent during the pandemic. Almost overnight, CISOs were no longer the gatekeepers of which IT devices, practices, and software was secure. Instead, they were tasked with implementing emergency measures to maintain business continuity and security while the whole world of work was changing before our very eyes.
So, we see a future that requires a holistic vision of cybersecurity that most of us were advocating for before COVID-19. The CISO is even becoming part of the decision tree for mergers and acquisitions. An acquisition target with a poor cybersecurity posture can cause significant problems for the larger organization, potentially negating the value that would be derived from acquiring it. The opinion of security leaders in organizations is more and more integrated as part of the due diligence.
Moving into 2022 the ideal security leaders will be technology partners, communications partners, and financial partners for the business. They will provide coherent and consistent content for crisis management and ongoing expertise to inform the organization’s whole risk management portfolio. And they will build systems that make our hyper-connected world a safer place, no matter the crisis.” – Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet
Encouraging a culture of cyber awareness and hygiene
“Attackers are leveraging trusted credentials to move throughout the network unabated and can accomplish much of their nefarious activity without raising a single alarm. For organisations to adopt an effective and robust cybersecurity strategy, CISOs should reassess the security requirements in a world where employees are remote, data and applications are accessed through a variety of company-provided and personal devices and applications are residing in a combination of private and public clouds. Lastly, CISOs must invest in nurturing the next generation of cybersecurity leaders, to enable business to be agile without compromising on security. As we look to the year ahead, security leaders must adopt a Zero-Trust intrinsic model and prepare to fend against the exacerbating risk of attacks. CISOs of the future can effectively implement a holistic cybersecurity strategy and encourage a culture of cyber awareness and hygiene for a resilient organisational structure.” – Gaurav Agarwal, Sr. Director – Enterprise Sales, VMware India
Maintaining a balance between security and innovation
“In response to the pandemic, organizations moved forward with their digital transformation initiatives three times faster than any before. This heightened level of innovation has placed significant pressure on both IT and security teams. As organizations continue to manage the increased pressure placed on them to provide flawless digital experiences and sustain digital business growth, the pressure on CISOs and their teams continues to mount. Because threats are increasing at an unprecedented rate, ensuring the security of a business’ software and IT infrastructure remains critical. Hence, the modern CISO needs to be able to balance security and innovation side by side.
Two things will be the key to their success. First, taking a DevSecOps approach to software development – where DevOps and security teams collaborate and come together earlier in the software lifecycle. Secondly, having access to real-time availability, performance and security data through a modern observability platform will be vital. When teams are aligned around a shared data overview, they can share responsibility for any issues, and collaborate more effectively to reduce application downtime. The integration of full-stack observability into an organization’s DevSecOps arsenal will ensure that it is able to keep pace with the rapidly evolving technology landscape.” – Abhilash Purushothaman, Managing Director (India & SAARC) at AppDynamics
Acting as strategic boardroom partners
“In 2021, CISOs facilitated the digital transformation journey for business continuity and resilience. In 2022, CISOs will shift their focus to data security, strategic business alignment, and skilling. With hybrid workplaces here to stay, enterprises will adopt a zero-trust mindset that will scrutinize every network, app, or service for risk exposure. CISOs will become strategic boardroom partners bringing technical expertise and business acumen to the table. They will play a crucial role in cultivating a culture of heightened cybersecurity awareness with buy-in from leadership and employees. CISOs will also focus on attracting top talent to automate workflows, both for operations and security networks, for increased efficiency, without compromising on compliance. Mitigating risk will be a top priority in 2022. Increased cyberattacks, especially in the post-pandemic era, have exposed business vulnerabilities for small, medium, and large enterprises. Information security and business priority will no longer be siloed but united.” – R. Chandran, Chief Information Officer, Bahwan CyberTek
Aligning security strategies with business goals
“As cybersecurity has become a board-level issue for organizations, the role of CISOs is not only limited to managing various security threats but also effectively managing the risks to their infrastructure, business operations, data security, and brand reputation, among other things. As the security landscape continues to evolve, the role of the new CISO will grow to include many more aspects beyond just monitoring compliance and security risks.
To improve the cyber resilience of their organizations, CISOs will have to ensure alignment of their security strategies with their business goals, promote threat information sharing among stakeholders within and outside their organizations, and foster collaboration among different functions in SecOps.
In 2022, CISOs will have to augment their security preparedness against the threats of supply chain attacks, ransomware extortion, and social engineering hacks, among others.” – Akshat Jain, CTO and Co-founder, Cyware
Preparing for the next rounds of threats
“One of the most challenging tasks on the table of a CISO is to prepare for the next rounds of threats in advance to prevent disruption to business, compromised critical systems, and damage to data. In 2022, CISOs can expect to see continued growth in ransomware, and new malware targeting due to an increase in the number of organizations functioning remotely. The upcoming attacks could be targeted on new hybrid networks, remote workers, and data available on the cloud. The CISO will be responsible for defending your organization against these new types of threats and malware that require a holistic and integrated approach to security. It is necessary to make sure that your network and security tools are ready to work and protect your organization from the next generation of threats.
CISOs will also be the drivers of change spearheading SecOps transformation through the integration and automation of their security workflows. By strengthening collaboration between their siloed security teams, CISOs can gain comprehensive threat visibility and enable a more streamlined and effective threat response. These advances will make the management of people, processes, and technologies involved in SecOps much easier for CISOs.” – Akarsh Singh, CEO and CoFounder, Tsaaro
Acting as a connect between security and consumer confidence
“CISOs have been around for almost four decades now. One of the reasons that make this role pivotal today is the hybrid workplace model. Most companies, including ours, went either partially or fully remote during COVID. During this time several employees have permanently shifted to their hometowns, and employers are now expected to adapt to a hybrid model where working from home is acceptable. Employers have also adapted to this model, but guaranteeing the safety of information has become a challenge now. With employees connecting to various networks in different places, using the same devices that contain customer sensitive information to connect online, the variables involved in creating a safe online workplace have rapidly increased. Governance, data loss, and security architecture have never been more important than today. CISOs today need to be highly versatile and serve as the connecting bond between security, privacy, and consumer confidence and that shall be the game changer in the near future.” – Narinder Kumar, COO, To The New
Merging physical and cybersecurity to create a converged security environment
“As the COVID-19 pandemic continues, cyberattacks are increasing sharply at a cost of more than $1 trillion to the world economy. With companies pursuing their digital business models, cybercriminals continue to outpace the industry with their sophisticated attacks. CISOs must help their companies navigate today’s threats as they anticipate and stay ahead of what’s next. Trust has always been central to building strong customer relationships, but its impact is magnified in a world of digital transactions. Businesses will innovate new trust models to achieve a level of cybersecurity that protects corporate reputations while strengthening customer trust. Security will become a standalone function with CISOs reporting to CEOs and boards. CISOs will prioritize viewing their business as attackers do, a converged physical and digital threatscape. Security will become everyone’s job and applying least privilege trust will be vital to blocking would-be threat actors. Security resilience will become a mainstay as CISOs ensure that critical IT infrastructure—software and hardware—can withstand and minimize attack impact, recover quickly and adapt to updated assumptions. A top CISO priority will be merging physical and cybersecurity to create a converged security environment, along with developing and implementing an ongoing corporate awareness program.” – Manoj Paul, Managing Director, Equinix India
Ensuring a proactive approach to threat detection and response
“As organizations move ahead in their innovation journey brought in by the potential of niche technologies like AI, cloud, and IoT, the threat landscape is also concurrently gaining intelligence. The role of CISO will become more crucial than ever in the coming year to protect the company from any potential cyber risk and prevent loss of reputation and revenue. SOCs will evolve to become threat gathering centers of excellence, enhanced by automation and orchestration, and secure the organization at all touchpoints.
In 2022, there will be an increased focus for CISOs to implement borderless security based on zero-trust architecture (ZTA). This shift will require CISOs to restructure security controls and identity and access management policies, to help IT teams gain visibility into the data, devices, and endpoints in the enterprise. Artificial intelligence will continue to play a significant role in aiding CISOs to strengthen the cyber resiliency of the IT framework. CISOs in 2022 must ensure a proactive approach to the detection and response of threats through experienced tactics like statistical learning, anomaly detection, and NLP.” – Praveen Patil Kulkarni, Country Manager – Security Risk & Governance at Micro Focus