In an evolving cyber security landscape, businesses are searching for ways to proactively reduce the risk of network compromise. While large enterprises can hire a permanent Chief Information Security Officer to set and run an overarching security programme, the salaries commanded by CISOs put them out of reach for most medium-sized businesses.
Smaller organisations are now turning to Virtual CISOs (VCISOs), who can provide the same level of expertise and professionalism at a fraction of the cost. Below we make the case for medium-sized businesses to consider engaging a VCISO, using just one imminent change to Australian security obligations as the illustration.
The Notifiable Data Breaches Scheme
The expectations placed upon network security professionals have never been higher, and new information security regulations are coming that will set the bar even higher.
From 22 February 2018, organisations already subject to the Privacy Act 1988 will be required under the Notifiable Data Breaches (NDB) scheme to notify both the affected individuals and the Office of the Australian Information Commissioner (OAIC) of eligible data breaches: unauthorised access to, disclosure of, or loss of personal information (commonly referred to as Personally Identifiable Information, or PII) that is likely to result in serious harm to the individuals concerned.
Organisations that suspect a breach will be compelled to assess it promptly (the scheme allows at most 30 days to complete the assessment) to determine whether it is likely to result in serious harm, and, if so, to notify without undue delay, describing the breach, the information involved and the steps individuals should take in response.
A CISO is invaluable in making a plan to limit the repercussions of such a breach, both from a network security and PR perspective. Companies with recognisable brands that find themselves the subject of a breach can expect swift condemnation of their preparedness and response if there’s even a slight misstep.
Chief Information Security Officers do not come cheap, with salaries in excess of $200,000 common for practitioners at large organisations given that they must possess high-level network and infrastructure security skills as well as sound business acumen.
Several companies like Computer One offer a VCISO service suitable for medium-sized businesses without the same price tag.
A VCISO engagement begins with a period of face-to-face consultancy before establishing long-term strategies that secure your business against attempts to steal Personally Identifiable Information (PII), the accidental leaking of company secrets, and fraud.
The VCISO will go through your organisation’s processes with a forensic level of detail to establish best practice moving forward, set and test disaster recovery plans and can provide ongoing reviews and updates in the long-term.
Hiring a VCISO should be seen as a natural complement to your existing in-house IT team; your VCISO can take responsibility for the policies that will secure your information and provide 24/7 monitoring without distracting your team from their ongoing duties.
We believe that VCISO services will become increasingly common given their cost-effectiveness and the rising expectations around protecting client information, such as those set by the Notifiable Data Breaches scheme. By putting an organisation in a position of strength to deal with data breach incidents as they occur, a VCISO can save your brand from consequences ranging from embarrassing to potentially catastrophic.