Just about anyone who engages in some form of competition knows the best defense is a good offense. When an opponent moves or strikes first, he is in control and therefore possesses a strategic advantage. Modern CISOs have adopted this approach but it represents a shift in thinking. Cybersecurity originated as a defensive action. CISOs focused on repelling attacks and preventing data from unauthorized access. Threat prevention remains a critical responsibility, however, business enablement has emerged as a top priority. Businesses increasingly rely on cloud technology and the supply chain to achieve operational efficiencies. As a result, confidential data like PII, PHI, and IP are stored externally and shared externally. The CISO’s role has therefore expanded to include risk mitigation, an offensive measure. Proactive CISOs who embrace risk mitigation to support business growth position themselves for long-term success.
Shortly before the coronavirus outbreak, CISO Street sat down at RSA with Darrell Jones, CISO for Ares Management, to explore the many challenges and opportunities CISOs face. In this video, Darrell discusses cybersecurity’s evolution from threat prevention to risk mitigation.