As previously discussed, many Boards of Directors have recruited members with deep cybersecurity experience.

The world’s information security practitioners have given global cybersecurity readiness a “C-” average with an overall score of 70 percent.

It’s not that fixing Critical and High-Severity vulnerabilities is the problem; it’s that the Medium and Low severity vulnerabilities can pose significant risks as well. For any given vulnerability, we need to distinguish between its severity and the risk that results from it being present on a particular system on our network.

Essentially, one-third of analysts’ time is being spent on processing alerts that have unknowingly already been processed, and at present SOC teams are left with little ability to make this distinction resulting in massive manpower drain. 

In 2015, it seemed no one was safe from hackers. The year began with Sony reeling from a hack that put the studio and celebrities such as Seth Rogen and James Franco in a web of geopolitics and extortion. Seven months later came the high-profile Ashley Madison hack, which resulted in the release of the email and physical addresses for 37 million users. Cybercriminals stole $1 billion from banks in 30 countries as part of the Carbanak hack. Even the Director of the CIA wasn’t safe – his AOL email account was hacked by someone claiming to be a high school student.

The cyber threats we experience today have become frequent, complex and challenging.

Connecticut Gov. Dannel Malloy announced the hire of Arthur House as chief cybersecurity risk officer, the first to fill the role for the state.

While an organization’s CISO focuses on cybersecurity, they depend on the C-suite to combine business operations and necessary security measures to find success.