How Channel Partners Can Help CISOs Shine as Business Enablers

By Darren Williams

Darren Williams

With highly destructive cyber threats such as ransomware running rampant and sprawling complex IT estates to watch over, the life of a CISO is becoming increasingly stressful.

The channel has an important role to play in supporting chief information security officers (CISOs) to overcome their biggest pain points. There are huge opportunities for partners to connect security leaders with innovative new tools and serve as trusted advisers that can not only help them keep pace with the fast-changing threat landscape but also ensure that CISOs reach their full potential as business enablers and value generators.

Top CISO Challenges

So, what are the biggest challenges facing CISOs today and how can channel partners best help overcome them?

Finding time to keep pace. To better understand the pressures they face, we surveyed security leaders from a range of business sectors in both the U.S. and the U.K. The most significant source of stress appeared to stem from the fact that CISOs have such wide-ranging responsibilities and, as a result, so little time.

There’s little doubt how important CISOs are to their organizations; they’ve ensured that it’s been “business as usual” in the face of the most turbulent of times, securing networks and enabling remote workers during a period of rapid digital transformation.

The flip side to this is that, if a breach occurs, the buck stops with them. Even with this huge responsibility, and with so many moving parts to manage, it was still shocking to find that around three-fifths of CISOs have been fired or resigned due to a significant security incident on their watch.

Soaring levels of cyberattacks and stretched resources mean that even security leaders with larger teams can’t get away from the day-to-day minutiae of security activities. We found many CISOs were simply too busy fighting fires to pursue more strategic activities, whilst CISOs at smaller organizations have even less of an opportunity to strategize and plan.

Alongside overseeing critical security activities such as threat response and vulnerability management, CISOs are also under tremendous pressure to keep abreast of the latest developments, as they are the ones the board will look to for insight on emerging threats, and how to align their strategy and solutions to ensure they’re not the next victim of an attack.

Finding the right solutions and strategies. Security chiefs are often trapped in a vicious cycle, with inefficient technology and processes leading to their teams wasting much of their time manually dealing with tactical issues. With little spare time, they don’t have the opportunity to develop their strategies or investigate more efficient solutions.

This is where channel partners can step forward as “solutions connectors,” enabling CISOs to access the latest technology they need to combat threats. With more automated tools, CISOs can spend more time building their knowledge and skills.

We often find organizations have implemented new solutions to meet compliance needs — but aren’t able to manage and use them properly. While they’ve met their security goals on paper, much of the investment is going to waste. This also leads to bloated security stacks, as we found enterprises have an average of 20 different security tools, with some having more than 50 to manage.

Channel partners can provide valuable insight to help …

… security leaders pick the best solutions for their needs, complete the implementation process, and make sure these solutions are fully optimized.

With threats evolving as well as growing, it is now increasingly important for CISOs to lean on the expertise of their partners. Partners have a role to play in the more strategic decisions that CISOs make and, as trusted advisers, can guide their customers in how to align security to the wider goals of the business. Making the right investments in security requires partners that really understand the business’s objectives, as well as the risks they face.

Moving beyond the big brands. Stressed CISOs are also less likely to invest in the latest and more innovative security solutions. Three-quarters of security leaders responded that they were more likely to pick a solution from a well-known brand when investing in new solutions.

Even when they had the opportunity to investigate new and innovative technology, we found security leaders often couldn’t pursue them because they lacked the necessary financial or human resources, or they struggled to secure buy-in from the board.

The channel can do a lot to help time-poor security leaders break out of their comfort zone and learn that the safest bet isn’t always the best bet.

The key here is to back up your statements with independent validation from other early adopters. This means lining up relevant references, case studies and contacts for them from the same industry. If it’s a health care provider, for example, connect them with the CISO at another hospital that has found success with the same solution. Seeing an industry peer using a new solution will validate the approach and, more importantly, enable them to confidently approach the board of directors with proof that the investment is worth it.

Bridging the skills gap. The security industry is deep into a longstanding skills gap, with ISC² estimating a global shortage of 3.4 million professionals.

MSPs can be incredibly valuable here, enabling customers to access skilled and experienced professionals such as SOC teams as and when they need them. MSPs focused on getting their people trained and upskilled will be able to provide immediate support when it comes to security emergencies, and provide long-term value by giving their clients the time to work on their own skills. Building on their position as a trusted adviser, MSPs may even be able to directly share knowledge and training as well as support against immediate threats.

Encouragingly, three-quarters of CISOs said their board aligned with their security needs. Hopefully, then, once CISOs have the time to research and understand new security innovations properly, they should have a receptive audience for investing in the future of their organization’s security.

Darren Williams is a serial entrepreneur and founder of three technology startups over the last 20 years, two of which have been sold to public companies. He is currently the founder and CEO of BlackFog, a global cybersecurity company focusing on ransomware prevention and cyber warfare. He has pioneered anti data exfiltration technology for the prevention of cyberattacks across the globe. Williams holds a Ph.D. and bachelor’s degree from the University of Melbourne, and has authored papers and software applications for auto-radiographic densitometry and analysis. You may follow Williams on LinkedIn or @blackfogprivacy on Twitter.