In 2021, organisations looked for new ways of doing business. For most organisations the ability to rapidly implement security platforms that allow their workforce to work safely from anywhere was neither easy nor feasible.

The expansion of remote working vastly expanded the corporate attack surface, leaving organisations more exposed than ever to cyber threats. One of them, ransomware, has put all organisations at greater risk from cybercrime and extortion attacks. Our Fortinet Global Threat Landscape Report shows that ransomware has increased 10.7 times when comparing the first half of 2020 and 2021.

How can chief information security officers (CISOs) and business leaders respond to these threats? Here are seven priorities for them in Latin America and the Caribbean in 2022:

1) Drive business growth and speed

Today, organisations evolve in an accelerated way to achieve business objectives, adopting digital transformation strategies. In some cases, security is an afterthought or an impediment that slows this evolution. CISOs and business leaders must significantly impact the organisation’s agility to prosper economically in this new global business reality by securing assets processes, analysing risks, and preparing contingency plans that help the business achieve its goals.

2) Embrace zero-trust

Today, most organisations do not have a zero-trust strategy (zero trust or ZTNA) for access to networks. What is the ZTNA model? ZTNA architecture, frameworks and models are based on concepts to validate trust and access user and device. The current expansion of the corporate attack surface requires adopting a zero-trust or ZTNA strategy to protect corporate networks, systems and data.

3) Educate your team with new skills

CISOs and business leaders who understand that cybersecurity education is the best tool to mitigate risks are one step ahead of industry practices. They should focus their cybersecurity education efforts on including business partners and customers. Cybersecurity education must join efforts on awareness-raising and adopting knowledge and processes as best practices and standards that help organisations prevent and recover from any incident or information leak.

4) Make cloud security a priority

Organisations in Latin America and the Caribbean are driving cloud computing spending at an increasing rate, leaving many organisations with gaps in their professionals’ skills to address cloud risks. CISOs and business leaders should not underestimate the security risks associated with cloud adoption, as security is a shared responsibility between the customer and the cloud provider.

5) Automate security

With the proliferation of cyberattacks conducted with automation and artificial intelligence, and ransomware-as-a-service (RaaS), organisations are more than ever unable to respond to cyber threats in real-time. It is imperative to shorten the time to defend against cyberattacks. Implementing cybersecurity automation processes and tools will ensure that your organisation can respond to the most extensive number of incidents in an agile way, making it more resistant to current and future risks.

6) Invest in OT security right now

Today, manufacturing, oil and gas, electricity generation and distribution, aviation, maritime transportation, railway, utilities and health care, among others, use information technology integral to their business operations. CISOs and business leaders need to address the impact of operational technology (OT) security within their organisations. The integration of operative technology into network infrastructures, including emerging technologies such as 5G, rapidly makes active technology a critical attack surface vector for organisations.

7) The future is now

Companies are looking to control their fragmented infrastructure against cybersecurity risks. Organisations need a comprehensive, integrated and automated cybersecurity platform, what Gartner calls a ‘cybersecurity mesh’, that provides centralised management and visibility, supports and interoperates across a vast ecosystem of solutions, and automatically adapts to dynamic changes in the network.

Conclusion

CISOs should also be the trusted advisor on cybersecurity issues, advising, informing and educating other executives in your organisation, including the CEO and the organisation’s board of directors. CISOs must understand and speak the language of business in 2022 and evolve to become leaders who will bring about positive change and contribute to the growth and success of their organisations. CISOs are especially important in the Latin American and Caribbean region to support the development of organisations and the area’s economy.