Immediate threats or long-term security? Deciding where to focus is the modern CISO’s dilemma
“Most immediate threat response involves config changes, patch management, compensating controls, etc., which don’t require an immediate spend on new tooling or capabilities,” he says. “That said, there should always be a percentage of the budget set aside for digital forensics and incident response, with the intention of tapping into cyber insurance for anything that exceeds that amount.”
“I worked with a CISO of a midsize financial services company, who faced a challenging situation when a new, sophisticated phishing campaign began targeting their industry,” says AJ Yawn, partner in charge of product and innovation at Armanino.
This immediate threat required significant resources to bolster the company’s email security and employee training programs, he says. However, they were also in the middle of a crucial long-term project to implement a zero-trust architecture, which was essential for their overall security posture and future compliance needs.