The recent theatrical rerelease of “The Godfather” coincided with our efforts to finalize our Top Recommendations For Your Security Program, 2022 — and it got us thinking … there are some striking similarities to the protagonists in each story.
Michael Corleone: as the reluctant but more than capable heir to a sprawling crime syndicate who must navigate a tumultuous world as it changes, all while under attack from adversaries both inside his own family and outside from rival gangs
The CISO: the reluctant but more than capable inheritor of a sprawling technology stack, dealing with a world as it changes amid a pandemic and rising geopolitical conflicts, under attack by malicious (or careless) insiders and external adversaries
Our recommendations for 2022 share other themes with this cinematic masterpiece. In “The Godfather,” Michael Corleone must deal with “mafia debt,” a set of old, lingering problems that held the family back from where he wanted it to go. For CISOs, the same is true. Vulnerability debt, staffing issues, and security awareness activities still create friction for CISOs and hinder progress.
New problems emerged for both our protagonists, as well. In the case of the CISO, those problems include being thrust into the spotlight as the trust imperative takes hold, incorporating the concept of minimum viable security, and the rise of the US government as a source of good — and competition for cybersecurity talent, an unexpected but much-needed development.
Years of toil and plenty of externalities in the form of regulation and ransomware as a service are just two examples that have led to the much-needed elevation of the CISO role. From boards to C-suites and across the organization, CISOs now have more access, influence, and impact than ever before. Put simply, you can’t miss out on this opportunity to transform your information security program for the long haul while solving old and new problems in the process.
Now, we aren’t suggesting gathering your consiglieres — BISOs, in this case — and announcing, “I settled all family business” by going after the heads of the five families: developers, IT, finance, procurement, and legal. But we are suggesting that you gather them and the rest of your security team and explain that 2022 is a year that stands out in terms of the opportunity that exists. Now is the time to finally resolve old problems and remediate new ones to set the security program and organization up for long-term success.
Check out the eight recommendations here, and be sure to join us on May 4 at 11 a.m. ET for a Forrester webinar featuring a panel of contributing analysts who will discuss the importance of each recommendation for your program and take your questions.