Did you catch the recent news that stress and burnout are the primary concerns for most chief information security officers (CISOs) these days? That was the result of a recent study conducted by the executive search firm Heidrick & Struggles as reported by CNBC last month. The survey found stress (59%) and burnout (48%) were identified as the top two personal risks by 327 CISOs from around the globe. Those results were compiled well before former Uber CISO Joe Sullivan’s controversial conviction on charges he hindered a federal investigation into a data breach at the ride-sharing company. Given the range and passion of opinions other CISOs have expressed in response to that case, it’s likely that stress is on the rise.
Scapegoats and Sacrificial Lambs
It’s not that surprising to learn that CISOs are under stress. They are responsible for keeping networks and data safe from a relentless onslaught of attacks from threat actors, and from data breaches that are a result of simple human error. If you spend any amount of time talking with members of the CISO community, as I do, you’ll hear the common complaint that they must manage high expectations and low budgets. You’re also likely to hear a lot of gallows humor involving scapegoats and sacrificial lambs.
I’m sympathetic to a CISO’s plight. In Ordr’s corner of the cybersecurity world, we deal with connected devices of the sort that make up the Internet of things (IoT), Internet of medical things (IoMT), and operational technologies (OT) that are the backbone of industrial and critical infrastructure enterprises. In that world, the pace of change and growth is astounding; it’s impossible to keep up. Consider the following statistics:
- By 2025 there may be as many as 83 billion connected devices active in commercial networks by 2024 (Juniper Research).
- At that time there will be more than 150,000 devices connecting to networks every minute (IDC).
- The average hospital IT infrastructure includes more than 100,000 connected devices, including more than 15,000 IoMT devices dedicated to critical care, and between 10-15 IoMT devices per bed.
Those are big numbers, and they only represent the devices a CISO knows about. There may also be hundreds more unmanaged devices connecting to their networks, enlarging the enterprise’s attack surface, and increasing the chances of a data breach. That’s because you can’t protect what you can’t see. And when vending machines, smart assistants, aquariums, Kegerators, Teslas, Pelotons, and any number of other stranger things decide to make themselves at home on the network, stress rises along with risk.
Just What the Doctor Ordr’ed
Ordr is aware of these trends, and we have just what the doctor ordered to ease the burden that they cause on both the CISO’s enterprise and psyche. Our platform excels at looking across the network to locate and identify each device. Within minutes, Ordr discovers, locates, and automatically classifies all the device assets that are operating on your network, including devices you knew you had, devices you forgot you had, devices you thought you lost, and the ones that you weren’t expecting. In addition to complete devices discovery, Ordr’s feature set is designed to make a CISO’s job easier, including:
- Automated asset inventory synchronized with your CMMS or CMDB.
- Continuous risk assessment uncovering vulnerabilities and risky communications.
- Vulnerability management to help with remediation and mitigation tasks.
- Improved incident response with dynamically created policies to stop attacks.
- Accelerated Zero Trust with dynamically created policies for NAC and segmentation.
- Simplified compliance with detailed reports and documentation to help with auditors and assessments.
And because the Ordr Data Lake is already populated with detailed information on millions of individual device types, every device we find is automatically and accurately profiled, and its communications patterns baselined and monitored. That’s important because connected devices operate in narrow, deterministic ways. Any deviation from normal can be considered as an indicator of compromise, and when Ordr detects a threat, we arm your teams with contextual insights and policies so you can take the right action, quickly. That protects your network by preventing attacks, containing threats, and enabling operational resilience by isolating mission-critical devices that need to remain in service.
You can’t protect what you can’t see. And when vending machines, smart assistants, aquariums, Kegerators, Teslas, Pelotons, and any number of other stranger things decide to make themselves at home on the network, stress rises along with risk.
The CISO’s team also benefits from these features. The ability to automate asset inventory, locate devices easily, and generate security policies on any networking or security infrastructure reduces human errors and frees IT and security personnel to focus on more strategic tasks. This can help CISOs ensure higher job satisfaction, reduce stress, and increase retention for his or her team.
A CISO’s Peace of Mind
Whether you are protecting a hospital, industrial facility, financial services firm, or any other enterprise that relies on a vast constellation of connected devices, Ordr is good medicine. When Ordr is at work a CISO has a little more peace of mind, reducing the stress that comes with being an organization’s Cyber Incident Scapegoat Offering. If you want more information about the Ordr connected device security platform, or if you’d like a demo, reach out and let us know.
Darrell is VP Sales at Ordr. He joined Ordr as one of the original Account Executives in October of 2018 to help launch the field organization. In his prior role as Ordr’s Director of Healthcare Sales, Darrell drove significant growth in healthcare sales and helped position Ordr as the leader in connected device security. Darrell has had over 20+ years of Sales Leadership, Account Management, and Field Engineering experience supporting customers and partners while with leading security and networking organizations – ForeScout Technologies, FireEye, Mandiant, F5 Networks, and Secure Computing Corporation. Darrell earned a Bachelor of Science in Electrical and Computer Engineering from the University of Minnesota, Duluth.
Follow by Author