Intelligent Tech Channels Issue 79 | Page 56

EXPERT SPEAK

A NEW DUALITY: INTEGRATING LEGAL INTO THE TECHNOLOGY BATTLEFIELD

Perhaps the most crucial role of the CISO is to rank cyber risks by order of actual impact, and this requires an equal understanding of business and technology, as well as a sense of how objects that were never designed to be secure behave under attack, says Alain Sanchez at Fortinet.

Cyber risk is business risk. Anything that threatens IT threatens the company. We have become extremely dependent upon our digital assets. As a result, business leaders need to realise the magnitude of the change. The essence of what visionaries have shared with me in the last couple of months shows how much cybersecurity is now a permanent topic of discussion among Chief Information Security Officers (CISOs) and their corporate leadership.

Alain Sanchez, EMEA CISO, Fortinet

Perhaps the most crucial role of the CISO is to rank cyber risks by order of actual impact. This requires an equal understanding of business and technology, as well as a sense of how objects that were never designed to be secure behave under attack. It is not an easy task, and not only for technological reasons.

Part of this assessment requires understanding the priorities inside the organisation's value chain and securing them accordingly. The second challenge is to look beyond the organisation and see how outside forces may impact it. And among these external forces, we find the compliance framework.
These new laws and regulations are necessary. They protect human beings, intellectual property, and the ability to invent and innovate. From this perspective, compliance standards are good. However, their demands are increasing daily.

This very duality, good and complex, challenges many IT departments. They must ask themselves: How do we integrate legal considerations into what used to be a pure technological battlefield? The solution is to start from the top.

The board of directors should always have this duality in mind. The more directors know about cyber risks and government regulations, the better.

Consider the European Union's Digital Operations Resilience Act, DORA. This legislation is focused on the European banking and financial system. Still, its mindset and practices can be applied outside the financial domain, particularly as risk is a central component of these practices. More than ever, getting your board on board with cybersecurity risk is key today.

In the past, resilience was more of a technical concept. It was about bringing back the servers. Today, it is a legal requirement documented by an auditable plan. We have moved from a series
The CISO needs to report directly to the CEO, otherwise the job is a widow maker.