Data breaches and cyberattacks are growing more costly, putting increased pressure on CISOs; however, a new study found, “the average CISO total compensation increase was at 11% (down from 14% in the previous year); 20% of CISOs did not receive a raise (double that of the previous year); and retention and equity packages were received by only 12% (down from 21%) and 8% (down from 24%) of CISOs respectively.”
Still, the demands of the role require those who sit in the chair to have a special blend of both business and technical acumen, effective communication skills, and the emotional intelligence to not only understand but speak the unique cultural language of the organization. Sure, the digital landscape continues to evolve, as does the role of the CISO. But are we back to the great obstacle that is impeding the growth of the cybersecurity workforce: having unrealistic expectations of human beings in search of the beloved “purple unicorn”?
We need look no further than former Uber CISO, Joe Sullivan, to understand that “tenuous theories” about the role of the CISO are incredibly problematic for both the person in the role and the organization.
For the CISOs out there who are keen on developing their people skills and building a stronger community, check out the latest RSAC 365 podcast on how to fortify defenses through education and sharing or visit the C-Suite View content available in our Library.
Now let’s take a look at what else made industry headlines this week.
Oct. 13: Wired reported, “The rapid spread of violent videos and photos, combined with a toxic stew of mis- and disinformation, now threatens to spill over into real-world violence.”
Oct. 13: A threat actor dubbed Void Rabisu has allegedly been targeting military personnel and political leaders in the European Union, specifically those who are known to work on gender rights issues.
Oct. 12: “Law enforcers from 26 countries came together recently in a hackathon designed to enhance intelligence gathering on human trafficking gangs, according to Europol,” Infosecurity Magazine reported.
Oct. 12: CISA published an advisory with 19 security vulnerabilities specific to industrial control systems.
Oct. 11: Spanish airline, Air Europa, issued a statement announcing a cybersecurity incident where attackers may have gained unauthorized access to “partial credit card numbers, expiration dates, and CVV codes.”
Oct. 10: Microsoft released its October 2023 Security Updates, which listed 103 Microsoft CVEs.
Oct. 10: Dark Reading reported, “Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.”
Oct. 10: Visibility into cyberthreat data will hopefully allow the federal government to build a more robust digital infrastructure and inform its threat detection and response strategies.
Oct. 9: According to an Akamai blog post, “The Akamai Security Intelligence Group detected a Magecart web skimming campaign that is targeting an extensive list of websites, including large organizations in the food and retail industries.”