Given that funds are limited, they should be used wisely. “Most of the time, especially with cyber security products, the solution doesn’t make a problem go away, it creates new problems to solve and more work to do,” Terrill says. “If you can write a check and truly make a problem go away, that’s the cheapest problem you have.”
Educate and engage
In many companies, employees have limited security knowledge. “The general awareness of your colleagues regarding cybersecurity risks, whatever their position, is usually basic and often naive,” Chichlo says. This can be changed, though, through effective training done in every department, including IT. “There is a huge effort on education to be made,” he adds.
In addition to education, a collaborative environment should be fostered. CISOs should aim for partnerships, rather than point fingers, as they are there to help, not to denounce mistakes.