CISOs Are Spending Too Much Time Understanding the Threat Landscape

As cyber threats continue to grow and breaches become more costly, Chief Information Security Officers (CISOs) are under growing pressure to protect a company’s data while implementing a strategic approach to cybersecurity. According to findings from Deloitte’s recent CISO Transition Lab, 77% of CISOs spend their time protecting business assets by:

  • Understanding the threat landscape and managing the effectiveness of their cyber risk program
  • Assessing and implementing security technologies and standards to build organizational capabilities

The results also found that CISOs would like to reduce this time to 35%, placing a greater emphasis on:

  • Driving business and cyber risk strategy alignment, and innovating transformation change to manage risk through valued investments
  • Integrating with the business to educate, advise and influence activities with cyber risk implications

This is further corroborated in the CSO article "How to Survive in the CISO Hot-Seat" by Doug Drinkwater. As Matt Palmer, CISO at insurance broker Willis Towers Watson, states in the article, “Most of the time in a large organization you will be spending your time with issues that are either historical or immediate, they require operational or tactical decisions rather than strategic. Yet, the world is changing so fast that you have to be ruthlessly strategic. When you try to do so, visibility is limited and the future often foggy. Finding that clarity and aligning strategic and operational priorities in the best interest of all stakeholders is the challenge we face.”

One reason CISOs spend 77% of their time protecting business assets is that their existing security solutions operate on network-, device- and system-level information but are often siloed and disconnected from the business risks behind the security alerts and incidents they raise. As a result, cyber security and response teams are often inundated with noisy, low-impact security alerts and spend exhaustive effort chasing down events that have nominal business impact.

To reduce this to 35% of their time, CISOs need a solution that works with their existing applications to correlate business risk with security events and alerts, providing streamlined, effective management of threats and improving cyber security posture. That correlation filters out the noise and reports on the vulnerabilities that are an actual threat to the organization.

Greenlight’s Security Risk Analytics is that solution. It leverages data from multiple sources and analyzes asset, network, business function and risk intelligence with security, compliance and incident data. The solution offers an integrated view of the business manifestation of risks due to failures or violations in security, compliance, and incident management, enabling actionable insight to enforce a defensible and resilient cyber posture.

Greenlight’s Security Risk Analytics provides situational awareness on multiple fronts (risk, threat, compliance, and incident) from a single pane for a quick understanding of the threat landscape. Aggregating compliance, risk, threat, and incident data in a single solution also enables real-time, flexible boardroom reporting of key performance indicators.
