9 Ways CISOs Can Stay Ahead of Bad Actors

Security leaders are expected to defend their organizations against existing and emerging threats. Here are some tactics they can use to crack down on the enemy.

Lisa Morgan, Freelance Writer

July 24, 2024

9 Slides
Bald eagles, eagle in flight.
Eric Carr via Alamy Stock

It’s an unfair fight: Bad actors have access to the latest tools and technology, and they don’t have to play by the rules. In fact, they “win” by breaking them. 

Meanwhile, chief information security officers are expected to defend their organizations against existing and emerging threats while following all the rules, quite often without the resources necessary to meet the challenge. 

“I think of it a lot with all the CISOs that it’s how do I prioritize amongst the latest threats, so I can protect my organization, stay close to being on budget, and minimize unnecessary friction to my users. At that strategic level, that’s a very tall order. And frankly, it gets harder on a daily basis,” says Aaron Painter, CEO at digital identity verification platform Nametag. “[Organizations] have less money to spend, the users are busier than ever, [the CISO is] more prone to frustration, and there are more threats than ever before. So, the role of a CISO is honestly becoming harder very quickly. And I don't think as an industry, we're doing enough to equip them with new tools and an easier adoption path for those organizations to stay ahead.” 

Still, the job is the job.  

It is often said that CISOs need to be right all the time and bad actors must only be right once. According to Wolfgang Goerlich, faculty member at independent cybersecurity research and advisory firm IANS Research, that mindset is counterproductive. 

“That’s not the case. The criminals are fast, they’re strong, but there are things we can do. I’ve always started with threat intelligence [because] I want to know what the criminals are doing, what their tactics and procedures are. I want to know some good ways to stop them in ways that don’t interfere with my organizations,” says Goerlich. “Security is only as good as the last time you checked, so we will do tabletop exercises, drills, red team exercises and test all those ways a criminal would move through our environment, and ensure we have multiple ways to stop and catch them.” 

Meanwhile, security operation centers are threat hunting and verifying that the compromise indicators are not in the logs. 

There are many other things CISOs are doing to stay a step ahead. The following are some examples.  

About the Author

Lisa Morgan

Freelance Writer

Lisa Morgan is a freelance writer who covers business and IT strategy and emerging technology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights