By Luca Scagliarini.
In a pre-internet world, the job of the Chief Security Officer (CSO) was primarily about protecting physical assets from external threats. With data breaches, leaks and hacking attacks regularly in the headlines, it’s clear that today’s threats are anything but simple or predictable: they’re complicated, potentially dangerous, and have become massively expensive.
As it continues to grow in value, information (and its quantity, variety and speed) is pushing the role of Chief Security Officer into a new stage of evolution, one with greater focus.
Today, information is a form of currency that has created a new digital dimension of security with perimeters, assets, and protective measures that are much less clearly defined. Threats that are not easily visible can be lurking in everything from software, to networks, to equipment.
Because of the wide range of uses of data and information, the risks (and the solutions) are not ‘one size fits all’ and depend on the nature of your business. Companies in regulated industries will have different security requirements than universities, governments, or organizations, such as retailers, that hold massive amounts of sensitive customer information. Last year, a number of high-profile private and government organizations suffered data breaches, thefts, shutdowns and other forms of cyber attacks at the hands of hackers (including the state-sponsored kind); check out this interactive graphic for a snapshot of the world’s biggest data breaches.
These forces, along with the potentially devastating business consequences, are expanding and shifting the scope of a CSO’s responsibilities and setting the stage for a new role: the Chief Information Security Officer (CISO) or, as it might more accurately be put, the Chief Intelligence Security Officer. The CISO maintains the enterprise vision, strategy, and program to ensure that information assets and technologies are adequately protected. This increasingly high-profile role requires less traditional security “muscle” and more targeted intelligence know-how in terms of information security technology knowledge and sector credibility.
So why do I say intelligence rather than information when discussing the shape-shifting role of the CSO? Because these individuals are no longer overseeing the information policies, practices, or access within the organization; they now must become experts in understanding that information, identifying data anomalies, unusual behavior, and risk indicators that can sneak up on the organization if not managed and understood. It is worth looking at the way that the most advanced organizations are now viewing this role, which is most often through the lens of managing and processing large volumes of structured and unstructured, largely open source information.
Open source information (publicly available sources, news media, user-generated content on social networks and forums and public data, etc.) is already recognized for its value in strategic activities, including its tremendous value for corporate security. As this information continues to grow exponentially in both volume and number of sources, its effective analysis (especially for preventing some of the most typical operational security threats) must be able to do more than just keep pace.
For example, let’s imagine that before dawn a major storm hits the area around your largest manufacturing plant causing floods that block roads, railways, etc. At 6 AM, with markets in London set to open in three hours, the first tweets, local bloggers, and press start to cover the event. Two hours later press agencies in Asia start to push out news of the disaster.
Meanwhile, an analyst at the San Jose headquarters of an IT manufacturer is just turning on his PC and opening his semantic intelligence tool.
The main screen shows the manufacturer’s major competitors, suppliers and partners, and a large map indicates breaking news around the world. On the map, the analyst notices a flashing red light indicating a major event in Asia. The analyst checks the relevant operations in the region and immediately begins analyzing a series of local news reports about the storm coming out of the region long before CNN reports on the event.
Because this information is categorized and sorted with semantic intelligence, the analyst is immediately able to identify the companies affected. In turn, the grateful analyst quickly notifies his superiors of the implications for the company and its suppliers.
While this scenario is fictional, the overall narrative is not. CISOs now have to face these types of situations every day. With a global presence where world events can trigger a chain reaction of negative consequences, early and accurate notification requires investment in intelligence leadership and tools.
Whether we’re talking about physical assets, employee protection, or territory-specific risks, analysis of global and local information streams can offer great insight into how to mitigate these risks. This would mean building a staff with new skills: more intelligence analysts and fewer IT security experts, more people with a broad view of the world and fewer people with deep coding skills, more creativity to be able to foresee the unpredictable and less of an engineering approach to problem solving. Advance knowledge about possible unrest, natural disasters, or even targeted threats could suggest different travel plans for a CEO or provide early alerts to supply chain delays. Analysis covering the deep and the dark web can provide the insight needed to anticipate cyber attacks or even prevent fraud.
Therefore, if the CSO of the past was a policeman and today’s CSO is a computer geek, the CSO of tomorrow will be closer to an intelligence analyst and the security group will more closely resemble a three-letter agency than a police department.