CyberJAGO Thoughts & Opinions

Sharing a Pragmatic View of Cybersecurity

Safeguarding what is important: vCISO to the rescue!

Authorities are increasingly concerned about cyberattacks at all levels and continue to add requirements on companies to safeguard information and the systems that hold it.

Smaller organizations do not have the resources to hire a full-time CISO. How, then, can a small organization meet its reporting and monitoring obligations in an affordable way?

Enter the “fractional” or “virtual” CISO. I envision this concept becoming the model and expanding as compliance requirements continue to multiply and businesses become even more connected – and interconnected.

Whether a company is public or not is irrelevant. Take a small financial services company, for instance. In this sector, size is secondary to what the company does. Even a small financial services organization carries a high degree of risk because its work involves millions of records and documents.

A Mom-and-Pop shop must also comply with regulations if it handles individuals' information or occupies a position in a supply chain that is critical to some bigger function.

Regulators obviously focus on the bigger players first. But as markets continue to evolve, I believe we will see compliance requirements extend to restaurants and any other type of business that deals with customer information or runs software that can have an impact on individuals.

In the automobile industry, cars run heavily on computer networks that are vulnerable to attack. Malicious actors can bypass safeguards and steal the car in less than a minute. They can also take over your car, lock the doors so you cannot get out, and hijack you along with it.

Mobile ordering devices commonly used in restaurants can track you and extract significant information from you, potentially for nefarious purposes. And how many times have we read about the vulnerability of critical infrastructure companies such as small water utilities or electrical companies?

Businesses that deliver their services digitally will eventually be required to comply with cybersecurity requirements. The ranks of these businesses will continue to swell because customers seek convenience, and smaller enterprises will have to digitize in order to survive. These businesses will need someone – a CISO – governing the program to make sure controls are in place and functioning.

Just the other day I read about a developer at a software vendor who was having a problem with the vendor's source code, so he uploaded the code to ChatGPT looking for help. By doing so, he put the code outside the company's control, potentially making it available for anyone to see.

What is the driving lesson here? Businesses will have to use these technologies if they do not want to fall behind. Because they do not always understand the implications, they will need someone at hand to review such uses and make sure they comply with best practices and regulations.

This will become onerous for small businesses that do not have the budget for a full-time staffer to manage that risk. 

Expanding cybersecurity requirements will affect even the smallest enterprises, and the day will come when the fractional CISO is no longer a rarity. On the contrary, fractional CISOs will be in high demand as regulators require an ever-expanding universe of businesses to address cyber risk.