Have you heard that some companies are in effect ‘renting’ a temporary information security officer?
It’s not as crazy as it sounds.
While every organization needs an information security officer – to identify information threats and implement strategic and compliant security plans – not every company can afford to hire one full time.
Here are 9 reasons why an organization might consider hiring a virtual CISO.
- The information security workforce shortfall just keeps growing. According to the 2015 (ISC)2 Global Information Security Workforce Study, which is an online survey of almost 14,000 information security professionals in small (25%), mid-sized (32%), and large (43%) organizations, the shortfall will reach 1.5 million in five years (this is the difference between the workforce needed and the expected labor market). Almost three-quarters of respondents in a 2014 Ponemon report said their organizations do not have enough IT security staff.
- There’s so much competition. Data from Burning Glass, a labor analytics firm, reported in a Network World story, showed that cybersecurity job postings grew 74% from 2007 to 2013. That is more than twice the growth rate of all IT jobs.
- Turnover. Senior security executives on average leave after 2 ½ years, according to the Ponemon study.
- The workplace is technology-driven. While the barrage of cyber threats is never ending, the number of devices used by the workforce keeps increasing too. Mobile devices, cloud-based services, Internet-of-Things, and the latest, wearable devices, all need protection too.
- Mounting problems caused by the workforce shortage. The Frost & Sullivan study put the spotlight on configuration mistakes and oversights as well as longer and longer remediation time following compromises. Good leadership takes a proactive stance rather than reactive, which is the status in many organizations now.
- It’s effective. “Renting CISO can be beneficial to companies because they can help navigate risk and compliance issues, and in some cases have had experience speaking with board members,” said a spokesperson from MAFAZO Digital Solutions in a CSOonline article. “They can present a case well and articulate the value of security.”
- Availability. How to hire an information security officer? An online search will show that ‘CISOs for Hire’ (temporary, part-time and/or virtual) is a growing business model.
- Affordability. The concept is especially appealing to smaller companies that lack internal security resources, writes Bob Violino in a Dell.com article. For small to mid-sized business, it may be difficult to justify the expense of a full-time Chief Information Security Officer (CISO).
- Results. Businesses who hire CISOs recorded the highest levels of confidence in their security stance, according to the 2015 Annual Security Report by technology company Cisco. Here’s a review of information security best practices.
The Frost & Sullivan study concluded that once you hire an information security officer, it’s still important to improve security awareness throughout the company. The most important methods: provide on-going employee training and embed security processes into the workplace.
This is why Fortify Experts’ vCISO program is one of the most effective ways to help reduce the risk of a security breach. Learn more about how to Fortify Experts can help protect your company.