CISO’s Role in the Boardroom: From IT Guardian to Strategic Leader

Once firewall guardians, CISOs now lead in boardrooms—fighting cyber threats with AI, zero trust, and secure supply chains. The mission: outsmart hackers, reassure investors, and show that cybersecurity is business survival.

PCQ Bureau

The CISO's role in the boardroom is becoming increasingly critical, moving beyond a technical focus to a more strategic partnership. CISOs must now provide board oversight of security programs and ensure comprehensive documentation. Risk disclosure is a key responsibility, with CISOs being required to have a methodology for not only identifying but also communicating and documenting potential risks in company filings. This aims to protect investors from threats such as ransomware and business disruptions.

Compliance has always been a major focus, with CISOs needing to navigate a complex web of SEC, state, federal, and international regulations. But with the SEC now requiring shorter incident reporting timelines (there have been discussions about reducing the reporting window from 4 days to 24-48 hours), security leaders must ensure their organization can defend its security practices with threat-based modeling.

CISOs must be accurate about their security practices and proactively identify areas of risk that could impact the organization. The CISO's role is thus not only about technical expertise, but also about effective communication, strategic thinking, and thorough documentation.

Bridging the Cybersecurity Talent Gap with AI:

According to a 2020 survey by the Ponemon Institute, in an average organization three SOC analysts are fired or resign in a single year. The same report also revealed that, on average, it takes nearly eight months to find and train a new SOC analyst. AI can significantly alleviate the strain on under-resourced cybersecurity teams. The key is to focus on AI-driven automation, machine learning, and enhanced analysis to augment the capabilities of human analysts, optimizing resources and reducing overall costs.

AI, particularly through Machine Learning (ML), can analyze large volumes of data to identify anomalies and threats faster than traditional methods. This proactive approach can reduce the impact of attacks, minimizing potential damages and associated recovery costs.  

AI also enables a leaner team to handle security operations responsibilities more efficiently, which is especially valuable given the global shortage of cybersecurity experts. AI-powered automation can handle many of the repetitive tasks that consume analysts’ time, such as alert triage, event enrichment, investigations, and containment. This frees up human analysts to focus on higher-level activities and more complex investigations. 

But CISOs must grapple with both the opportunities and threats presented by AI. AI-powered attacks are a major concern, including more convincing phishing and business email compromise (BEC) attempts using realistic impersonations, and the use of deepfakes to bypass identity verification. There is also a growing risk of cyber-physical threats with the increasing use of AI in robotics, automation, and IoT devices. Security teams need to understand that their jobs will not be replaced by AI, but by people who know how to use it. This requires CISOs to commit to continuous learning to adapt to the rapidly evolving landscape and to stay ahead of how AI can be used by both security professionals and adversaries.

Zero Trust and Identity Management:

Organizations are shifting back to the zero trust model, a comprehensive approach to security that integrates identity with devices, networks, and systems. This model operates on the principle of "never trust, always verify". Key components include network segmentation, continuous verification, and identity and access control.

A key part of zero trust is the move toward passwordless authentication, driven by the need to combat stolen credentials. Device-level authorization and authentication, using biometrics, are becoming essential. This approach also supports just-in-time access, where admin rights are granted and removed as needed.

Supply Chain Security:

Supply chain security is now a major concern for both businesses and regulators. As organizations shift to hybrid and cloud infrastructure, more interconnected systems with partners and other third-party access make supply chains an increasing target for cyber threats. Some of the largest and most well-known cybersecurity breaches have been due to these supply chain disruptions, which often lead to significant financial losses for more than one entity involved. These types of disruptions have become so prevalent that Verizon introduced a new category of breaches involving third parties in its 2024 Verizon Data Breach Investigations Report, covering partner infrastructure and direct or indirect software supply chain issues, due to a 68% increase from 2023.

Supply chain attacks are successful because attackers often target less-secure elements in the supply chain, such as vendors, software, or hardware, to steal data, spread malware, or disrupt operations. Organizations should be concerned about products developed in conjunction with third-party vendors that may be fraudulent, contain hidden malicious code, or have security vulnerabilities stemming from inadequate manufacturing and development practices within the supplier's operations. Although weak physical security can play a small role in these incidents, from my experience and research the bulk of these types of breaches occur due to improper access control through a connected device or third-party data processor, failure in the software development process, or human error.

The impact of these breaches extends far beyond reputational damage and is often widespread, ranging from personally identifiable information being compromised, to a disruption in payment processing or other financial transactions, and even injury or loss of life in healthcare settings. By embracing cybersecurity as an integral part of supply chain operations, organizations can fortify defenses and limit the attack surface across an interconnected network. Preventing IP theft and identifying and addressing supply chain software vulnerabilities is key to limiting disruption and operational downtime.

Author: Yuval Wollman, President of CyberProof – A UST company
