
Such figures indicate that critical cybersecurity gaps remain in many, if not most, organizations. As adversaries lean into automation and artificial intelligence, the pressure is mounting to address security gaps that could be exploited. Here are six critical security gaps that demand CISOs’ attention, according to their IT security leader colleagues and industry observers.
1. The perception gap
Although CISOs have become more business-oriented in recent years, many still view their primary job as protecting digital systems when they should see it as ensuring business resilience, says Errol Weiss, CSO with Health-ISAC.
“CISOs still think of a bad day from the IT perspective; they still think of security as an IT problem,” he notes. “They need to shift from protecting systems at all costs to instead building resilience and thinking about the downstream impacts when something fails.”
Weiss notes that part of the reason this gap persists in many organizations is that business continuity, which is at the heart of resilience, usually falls to executives other than CISOs. “The business continuity piece has traditionally been someone else’s problem, but now it has to become a focus for the security organization,” he says.
