Buying time with automated defense strategies, mitigating staff/skills shortages and five other measures are key to preserving CISO sanity!

Is your organization losing its CISO or cybersecurity peers? Are candidates to replace the CISO not forthcoming because of the sheer stress known to be exerted on this role in the post-COVID era?

With more CISOs “tapping out” in search of sanity and relief, organizations and critical infrastructures are being put at greater risk — implicating the safety of the wider population — because large amounts of personal data are now stored online.   

As Christopher Chai, Solution Director (APJC), Hackuity, puts it: “In our experience, firms that suffer multiple cyberattacks (probably) still have a large portion of their cybersecurity work done in a very manual and tedious fashion, which includes assessment, prioritization, notification, remediation and so on.”

Find out what he suggests for CISOs and organizations to seize upon, in order to stay secure and resilient amid raging and insidious cyber warfare …

CybersecAsia: How is the tech talent shortage contributing to CISO burnout? Are CISOs in the region facing unique challenges compared to those in the West?

Christopher Chai (CC): One executive search firm’s 2022 survey identified stress and burnout (56% and 33% respectively, in APAC respondents) as the most significant personal risks CISOs polled were facing.

In 2023, as cybersecurity concerns continue to be at an all-time high, the mounting workload and stress faced by cybersecurity professionals have reportedly been causing 74% of CISOs to report staff attrition in the past year. This sets off the motion of a vicious circle where cybersecurity tech talent becomes very difficult to replace, thus causing skill shortages within organizations, leading to CISOs being forced to spend more time than they should on tactical tasks, and facing greater risks from cyber threats and ransomware.

In general, CISOs in the region are facing similar challenges as compared to their counterparts in the West. That being said, as more countries are adopting their own version of personal data protection law, CISOs in the region are increasingly scrutinized by their organisations. The stress level for CISOs in the region has never been higher.


CybersecAsia: How can firms in the region mitigate these trends, and in your experience, where did those that suffered multiple cyberattacks go wrong in their strategy?

CC: Firms in the region can mitigate such challenges by exercising robust and intelligent cyber hygiene and automating tasks that go beyond human processing capabilities.

In our experience, firms that suffered multiple cyberattacks still have a large portion of their cybersecurity work done in a very manual and tedious fashion, which includes assessment, prioritization, notification, remediation and so on.

The overwhelming routine tasks would swamp the cybersecurity team’s time and resources before they can look into processes and strengthen their cybersecurity perimeters to prevent similar cyberattacks in the future. 

CybersecAsia: While our readers are well aware of the need to find and fix vulnerabilities before cyber incidents can occur, the growth and sophistication of attackers seems to be outpacing vulnerability management worldwide. What can be done to bridge this widening gap?

CC: Continually expanding digitalization and utilizing intelligent solutions that are capable of aggregating and analyzing data from dozens of siloed security tools are two keys to bridging the widening gap.

By consolidating everything under a single pane of glass rather than having a fractured view from different tools, organizations can also easily automate various processes by prioritizing tasks that need to be worked on immediately; and the cybersecurity team can optimize their team and effort on patching the truly critical vulnerabilities, while the CISOs are relieved of these tasks to focus on strategic cybersecurity posture management. 

CybersecAsia: The APAC region is known to be a top target for cybercriminals, so CISOs here are already on high alert. Automation, AI/ML solutions are already available to cushion that impact. Do you have any further objective advice to help CISOs here to do more with less?

CC: While automation and AI/ML solutions are definitely very useful to cushion the impact, an organization’s cybersecurity posture is only as good as its weakest link in which practicing good cybersecurity hygiene could have prevented 80%.

With the blessing from the top brass, CISOs are in the prime spot to enforce strategy plans and maximize their resources for strengthening cybersecurity posture. These can include:

    • emphasizing and investing in employee education and awareness
    • continuously engaging with senior leadership
    • fostering industry collaboration
    • implementing a layered cyber defence strategy
    • periodic incident response reviews

Coupled with automation and AI/ML solutions, that is the best way to help CISOs to do more with less.

CybersecAsia thanks Christopher for sharing his insights.