Jason Frugé, Onapsis: Threats to the CISO in 2021
Updated: Dec 2, 2020
This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
Jason Frugé, Vice President of Business Application Cybersecurity, Onapsis:
CISOs will battle infosec budget fatigue with threat intelligence data
Historically, security teams received the most financial freedom compared to general IT teams for fear of a spending cut, post-data breach. In 2021, however, CISOs will be pressured more than ever to show threat intelligence data to justify security expenditure and move past infosec budget fatigue. They will have to make a strong case using business analytics to highlight security inadequacies to get the budgets they’ve historically had discretionary spending over. Now, only CFOs will have total discretion to spend money whenever they see an issue and they will require additional data to be convinced.
“Grey IT” will threaten CISOs’ job security – unless they map their SaaS landscape
People who manage SaaS apps often aren’t IT. HR provisions and deprovisions users, provides payroll, connects to other internal apps, and more – but who’s checking to ensure these connections are all secure? This challenge has been brought on by the rise in Grey IT – apps the company may be aware of, but isn’t governing.
In 2021, CISOs will focus on taking control of the grey IT in the cloud, with greater mapping and protection. To secure these mission-critical applications, don’t reinvent the wheel; start with a business resiliency plan. This will outline services that need to be restored quickly to ensure continuity for customers. Start at the top, securing the most critical functions first, then work your way down the asset list. Here, a cloud asset map will be crucial as more critical functions are being performed off-prem to support a tidal wave of at-home workers.