Savvy Chief Information Security Officers (CISOs) are taking bold steps to demonstrate their value to the CEO and board of directors and validate their seat at the table among the C-suite. In addition to protecting the enterprise, CISOs are working with the CEO and the board to identify and act on new opportunities for applying innovation to create new waves of value for the company.
Increasingly, the CISO is being looked upon to enable - not hinder - the business.
One of the industry's leading CISOs, Mignona Cote, CISO PayFlex, an Aetna subsidiary and Sr. Director/Business Compliance Officer, Global Security, Aetna, has extensive experience in working with corporate and industry leaders to identify opportunities to differentiate the brand and for making operations and business processes more cost efficient.
For instance, PayFlex, an Aetna Company, is utilizing behavioral analytics to better understand and learn customers actions. These tools are also helping Cote and her team to distinguish customer behaviors from those of suspected threat actors.
"There are certain times that customers will check their account balances and from specific locations," said Cote, who will be speaking about innovation and information security at HMG Strategy's upcoming 2018 New York CISO Executive Leadership Summit on April 5, 2018. "Threat actors, however, are more likely to add a new bank account to their records and log in from remote locations at much time different times of the day." The threat actor performs transactions differently than what the customer does.
By applying these tools and continually learning about its customers' behaviors, PayFlex has been able to dramatically reduce its fraud rate over the past year.
Collaborating with the CEO and the Board on Innovation
For fellow CISOs who are looking to sharpen their skills in collaborating with the CEO and the board on innovation opportunities, Cote offers several recommendations.
First, CISOs should clearly articulate how any innovation initiatives are designed to deliver efficiencies and drive cost savings through simplified processes. For example, consider the experience customers go through by contacting call centers. They are asked for pin numbers, birthdays and possibly Social Security numbers. Solutions are now available to capture a voice footprint. A change like this improves customer experience by moving the constant need to answer questions about who you are and also saves money for the enterprise by reducing call time. And, by the way, improves security.
CISOs should also share opportunities as to how innovation can help the company to differentiate the brand in the market, says Cote. In doing so, the CISO can and should share with the board an overview on the top risks associated with each innovation project and the most effective approaches for mitigating those risks.
As cyber security threats continue to become more complex and widespread, information security leaders need to be more imaginative in conceiving and delivering proactive security strategies. "As members of the executive team, CISOs have to come to the table with creative and innovative solutions for protecting the enterprise and moving the business forward," said Cote.
To learn more about Mignona Cote and other speakers at the 2018 New York CISO Executive Leadership Summit, click here.