Cybersecurity Preparedness: Bridging the CEO-CISO Gap

Severity: Low (Score: 39.9)

Sources: Msspalert, 429ba640.streak-link.com, Deloitte

Summary

A media and entertainment company faced an impending cybersecurity incident, prompting its CISO to enhance the organization's cybersecurity posture. The CISO aimed to align all corporate functions to ensure a coordinated response to potential threats, which could range from phishing to ransomware attacks. Deloitte assisted in developing a comprehensive incident response plan that emphasized a whole-of-business approach, ensuring all stakeholders understood their roles during a crisis. This initiative was led by former Air Force officers, leveraging their experience in national security to bolster the company's defenses. The focus was on building resilience through automation and effective communication among executives. The project culminated in a detailed playbook for incident response, aimed at changing the perception that cybersecurity is solely the CISO's responsibility. The alignment between the CISO and the CEO on risk priorities remains a critical challenge, as highlighted by differing concerns over fraud, phishing, and ransomware. Effective communication and shared language around risk are essential for improving cybersecurity outcomes. Key Points: • A media and entertainment company enhanced its cybersecurity incident response plan. • Deloitte helped align corporate functions for a coordinated cybersecurity response. • Misalignment between CEOs and CISOs on risk priorities complicates cybersecurity efforts.

Key Entities

• Phishing (attack_type)
• Ransomware (attack_type)
• Entertainment (industry)
• Manufacturing (industry)
• Technology (industry)
• Telecommunications (industry)
• T1566 - Phishing (mitre_attack)