9 Ways CISOs Can Stay Ahead of Bad Actors

It’s an unfair fight: Bad actors have access to the latest tools and technology, and they don’t have to play by the rules. In fact, they “win” by breaking them. 

Meanwhile, chief information security officers are expected to defend their organizations against existing and emerging threats while following all the rules, quite often without the resources necessary to meet the challenge. 

“I think of it a lot with all the CISOs that it’s how do I prioritize amongst the latest threats, so I can protect my organization, stay close to being on budget, and minimize unnecessary friction to my users. At that strategic level, that’s a very tall order. And frankly, it gets harder on a daily basis,” says Aaron Painter, CEO at digital identity verification platform Nametag. “[Organizations] have less money to spend, the users are busier than ever, [the CISO is] more prone to frustration, and there are more threats than ever before. So, the role of a CISO is honestly becoming harder very quickly. And I don't think as an industry, we're doing enough to equip them with new tools and an easier adoption path for those organizations to stay ahead.” 

Still, the job is the job.  

It is often said that CISOs need to be right all the time and bad actors must only be right once. According to Wolfgang Goerlich, faculty member at independent cybersecurity research and advisory firm IANS Research, that mindset is counterproductive. 

“That’s not the case. The criminals are fast, they’re strong, but there are things we can do. I’ve always started with threat intelligence [because] I want to know what the criminals are doing, what their tactics and procedures are. I want to know some good ways to stop them in ways that don’t interfere with my organizations,” says Goerlich. “Security is only as good as the last time you checked, so we will do tabletop exercises, drills, red team exercises and test all those ways a criminal would move through our environment, and ensure we have multiple ways to stop and catch them.” 

Meanwhile, security operation centers are threat hunting and verifying that the compromise indicators are not in the logs. 

There are many other things CISOs are doing to stay a step ahead. The following are some examples.