Product Special Series — Episode 2: Virtual CISO (vCISO)
Summary: As cyber risks continue to rise, businesses need to enhance their security posture. This article explores how a vCISO can offer expertise and insights. It also highlights benefits and contributions along with how the service needs to be consumed by SMBs.
A recent study by ConnectWise and Vanson Bourne, calls out the widespread cybersecurity skill gap among SMBs. Around 52% of SMBs agree that they lack the in-house expertise to properly deal with security issues and 57% of the SMBs do not have specific cybersecurity experts in their organization.
CISOs and vCISOs
CSO Online defines a CISO as “The chief information security officer (CISO) is the executive responsible for an organization’s information and data security.” CISOs tend to be relatively expensive when compared to a vCISO, besides the additional overhead of hiring and retaining them.
Introducing Virtual Chief Information Security Officer (vCISO)
Key benefits of vCISOs include:
· Bring a wide range of expertise: i.e. extensive experience and exposure in various domains
· Networking with multiple cybersecurity solution providers
· Flexibility of working, often remotely
· Provide SMBs access to the global talent pool
Adapting from Gartner, the key responsibilities of a vCISO are highlighted below:
According to multiple publications, vCISOs tend to be relatively more budget-friendly. In the US alone, the average salary of CISOs tends to be around $200,000, whereas vCISO compensation is much lesser. They can also be hired quicker, relying on trusted third-party (e.g. Ofofo Marketplace) references and rating, without extensive vetting.
Relevance to SMBs
While 71% of SMBs report that they have only the basic security infrastructure and the majority (52%) admit to lacking in-house skills to properly deal with security issues, a vCISO can bridge the gap by bringing in focussed knowledge and domain expertise.
Off-the-shelf knowledge and expertise, higher levels of cost-effectiveness, quicker integration with cyber security teams and a better level of scalability tend to be some of the primary motivations to hire a vCISO. Other reasons include end-to-end cyber security posture management and solution implementation/deployment.
As vCISO, the professional is responsible for the overall cyber readiness of your business, it is recommended that the following factors are considered while hiring for this position:
· Relevant Experience: Their work with similar-sized companies and industry
· Tools and Support: What kind of support and solution do they plan to bring onto the table
· Trust: Alignment of expectations, rapport and communication skills
Service Usage
Most businesses tend to consume this service by making sure adequate cybersecurity infrastructure and the right environment is in place. The figure below further details the same.
Upon on-boarding, they contribute towards cyber security vision, strategy & implementation, framing appropriate cyber security architecture and policies, and conveying security goals to the Board of Directors.
Additional contributions might include:
· Advisory for compliance and regulatory audits
· Risk mitigation and incidence response
· Offer consultation on defining security budgets & cost-effective solutions
· Help plan and training of various teams
How can a marketplace help?
Some major pain-points SMBs face with traditional buying channels include:
Apart from the curation of solutions and enablement of easier comparison of vCISO expertise and pricing, marketplaces (like Ofofo) focus on creating an environment of transparency and trust by carefully vetting service offerings.
Conclusion:
Virtual CISOs are helping businesses better their security posture. They offer significant expertise and knowledge as traditional chief information security officers and tend to be relatively more flexible and budget-friendly. They are of utmost relevance to SMBs to better their security posture. Marketplaces can play a key role in SMBs’ vCISO procurement journey by bringing trust, confidence and ease of hiring.
