Veridium Issues TAG Cyber Analysis: What Keeps a CISO Up at Night (in 2022)

Identifies Three Major Technical Issues That Keep Many Modern Enterprise Chief Information Security Officers (CISOs) Awake at Night.

Veridium, a leading developer of frictionless, passwordless authentication solutions, today announced its issuance of “What Keeps a CISO Up at Night (in 2022)” in which TAG Cyber analyzes three of the primary concerns that have been consistently on customers’ minds.

TAG Cyber CEO and Founder Dr. Edward Amoroso, said: “This question of what keeps a CISO up at night is, without a doubt, the number one question we hear during media inquiries at TAG Cyber. But I’ve noticed that our answers tend to shift rather rapidly.”

“Tasked as the interface between security staff curating cyber controls and senior management governing cyber risk, the CISO has had to learn a plethora of executive skills related to communication,

interaction, negotiation, sales, budgeting, and people. These challenges keep CISOs up for sure – but I’ll stick to technical issues here,” he said.

Consistent challenges cited include:

Security Challenge 1: Identity

A major root cause of nearly every major cyber breach observed over the past few years has been an insufficient set of controls related to identity.

The traditional method of issuing user IDs and passwords has been shown to create environments rich in account takeover and fraud. Instead, CISOs who support on-line customer engagement have had to create programs that analyze user behaviors, develop advanced verification methods, and do so consistent with regulatory and compliance objectives.

Another aspect of the identity challenge is the internal friction that slows business processes and adds complexity to routine employee tasks and responsibilities. One such example is the continuing reliance in the banking sector for branch floor personnel to carry physical identity tokens. Replacement of lost tokens and trips home to retrieve forgotten ones are routine. Other sectors present similar problems around physical identity schemes.

Security Challenge 2: Inventory

A second major issue for CISOs that not only keeps them up at night, but also causes considerable tossing and turning for IT operations executives involves inventory. This includes both an inventory of assets such as devices and endpoints, as well as data. While it would seem so obvious that inventory must be properly managed as a foundation for all security controls, it tends to be neglected by most enterprise teams.

The most common issue that emerges with respect to inventory involves something we refer to at TAG Cyber as sprawl. An organization might have started one or more decades ago with a reasonably manageable inventory. But growth of data creation, minimal data removal, corporate actions (such as mergers), third-party data creation, explosion of app usage, and expansion to cloud and SaaS have all contributed to inventory sprawl.

Security Challenge 3: Complexity

A third and perhaps the most important challenge that keeps CISOs up at night these years involves complexity. This refers to the difficulty any person or group has in understanding the IT infrastructure, security systems, and business processes of an organization. Every CISO knows that complexity in these areas always implies insecurity – and, in recent years, complexities have abounded.

A reasonable test for the level of complexity in an organization involves the simple question of whether a security team has schematics for the network infrastructure, deployed systems and applications, and all stored data (obviously related to the inventory problem managed above). If a CISO does not have diagrams of how the enterprise network has been arranged, then things are simply too complicated.

Veridium Chief Operating Officer Baber Amin said: “Now more than ever before, CISOs are faced with complex challenges that demand the evolution of their enterprise. We see firsthand through our customers eyes how the adoption of better solutions and processes such as integrated identity that’s powered by AI-based behavioral biometrics can provide a far better and more efficient, effective experience for both employees and customers. In the analysis What Keeps a CISO Up at Night (in 2022), Dr. Amoroso and the TAG Cyber team provide important, actionable insight.”

For a copy of the analysis, please visit: https://www.veridiumid.com/tag_veridium_blog_6622/

About Veridium

Veridium is the original passwordless multi-factor authentication company. Veridium’s Identity Platform is a comprehensive authentication platform using AI-based behavioral biometrics. Veridium makes it easy for organizations to eliminate passwords across applications, websites, and web services to create a future with no passwords, no phishing, no fraud. For more information, please visit www.veridiumid.com. Follow Veridium on Twitter at @veridiumid.

View source version on businesswire.com: https://www.businesswire.com/news/home/20220607005848/en/