A Look at the Social Engineering Element of Spear Phishing Attacks

October 28, 2024

In many ways, the job of the Chief Information Security Officer is divided between two radically different areas of expertise. On one hand, there are the daily technical responsibilities that go into maintaining the security posture of a large enterprise. On the other hand, there are regulatory compliance duties, which have only become more onerous as the US Securities and Exchange Commission have added new responsibilities for incident-reporting and corporate regulation, which causes CISOs to have more responsibilities in the boardroom. To make matters worse, if the companies fail to meet compliance requirements and an incident occurs, it is usually the CISO who is on the line, and not only their job but their reputation and even their liberty might be at stake. The SEC currently has an ongoing civil fraud case against SolarWinds and its CISO Timothy Brown, accusing him of failure to disclose necessary information to investors.

Because of these changes, many CISOs, according to a survey of over 500 CISOs conducted during August and September, are concerned about the future. 9 out of 10 CISOs polled said the changing regulatory landscape is redefining what it means to be a CISO. Four in 5 said the time and effort required to keep pace with the new regulations is not sustainable. On top of their regular security duties, more than half of CISOs polled now meet with their company boards on a weekly basis. The consensus is clear: a majority of CISOs believe that risk management and regulatory compliance at the corporate level should be the responsibility of a separate position, who can commit themselves fully to it.

More from Blackwired

December 16, 2024

CISOs need to consider the personal risks associated with their role

CISOs face personal liability for cybersecurity incidents, boosting accountability but increasing stress and deterring professionals.

Read more
December 9, 2024

The Shocking Speed of AWS Key Exploitation

AWS keys exposed online are exploited in minutes, highlighting the need for faster detection and response to prevent breaches.

Read more
December 2, 2024

Advanced Cyberthreats Targeting Holiday Shoppers

The holiday season sees increased e-commerce scams, with AI-driven phishing, fake sites, and data theft targeting consumers and businesses.

Read more