October is Cybersecurity Awareness Month, which serves as an opportunity to enhance your organization’s cybersecurity education and awareness program, ensuring that all employees, from entry-level staff to executives, understand their role in protecting sensitive data. This is more important than ever; according to Gartner, by 2025 lack of talent or human failure will be responsible for over half of significant cyber incidents. Even more sobering, Forrester predicts that 90% of data breaches in 2024 will involve human error.
This got me thinking about what these challenges mean from the perspective of the different roles within the security team. What’s high on their respective agendas and what are they doubling down on? What are CISOs and security leaders prioritizing versus the security operators?
2024 – A year of change
This year there has been no shortage of ‘embracing the new’ for CISOs. Security leaders must contend with the application of artificial intelligence in both cyberattacks and defense; a U.S. election cycle with a major focus on election security and fraud prevention; the Securities and Exchange Commission (SEC) disclosure rule requiring publicly traded companies to report material incidents; and a global geopolitical environment fraught with conflicts. The ongoing conflicts, and newer ones in 2024, will continue to put pressure on CISOs to consider threat vectors beyond the immediate risk posture of their business.
Another sobering thought is that in the last 12 months we’ve seen more attacks from adversaries than in previous years, as cyber threats continue to evolve at an accelerated pace. But this also means that operating teams are getting more experience than ever before in dealing with those attacks and gathering threat intelligence.
Growing cybersecurity regulations
To combat this onslaught, new regulations are coming into force, such as the NIS2 Directive and the Digital Operational Resilience Act (DORA) in European markets and, as mentioned above, the SEC's several new cybersecurity rules for 2024, including mandatory cyber-incident reporting within four business days. Likewise, NIS2 and DORA are all about shoring up operational resilience and demonstrating that you have a good handle on cyber risk and incident reporting.
Where AI is concerned, many large organizations are setting up approval committees for AI use to ensure guardrails are in place. Additionally, the first legislation of its kind, the EU AI Act, mandates establishing comprehensive oversight of AI technologies. The legislation aims to ensure the safe, transparent, and ethical deployment of AI. For security operators this will require far more logging and evidence gathering to ensure compliance.
How automation can help lift the burden
All these issues will put even more burden on already resource-stretched security teams, which is where cybersecurity automation can help.
For four years we have been examining security professionals’ approach to cybersecurity automation and how this is maturing as an aid to help them fend off escalating attacks. Again, we’ve also looked at this from the perspective of different roles and it was interesting to find that, in terms of attack vectors, CISOs are more concerned about cyber-physical attacks than any of the other roles that we surveyed. In contrast, Heads of Cyber Threat Intelligence see most cause for concern around deepfakes. In their role they are more exposed than most to data about emerging threats, which should make them a useful bellwether for future focus areas.
Again, our research study shows that different roles have differing views on automation and what use cases to apply it to. What we have seen is that CISOs and Heads of SOC are seeking productivity and efficiency from automation, while Heads of IT Security Solutions Architecture are more concerned about regulation and compliance.
CISOs still prefer the human touch
There is one marked change across roles compared to previous years, when cybersecurity professionals largely concurred on how to measure the ROI of cybersecurity automation and the majority were using employee satisfaction and retention. CISOs are now the only group leading with employee satisfaction and retention, which demonstrates that they still prefer the human touch, but in other roles less human-centric KPIs are on the rise. Perhaps this is where the CISO recognizes that if the team burns out and leaves the organization, they will have a hard job replacing that talent.
Other roles are looking more closely at resource management – especially Heads of SOC and IT Security Solutions Architecture. There is far more focus on how well the job is being done from Heads of Cyber Threat Intelligence too.
Threat Intelligence specialists are keen to share
Interestingly, those heading up cyber threat intelligence are the most likely to be sharing what they learn with others. Operators of intelligence gathering and actioning clearly appreciate the power of collaboration. Sixty-two percent share information with direct partners and suppliers and 58% share through an official threat sharing community. Nine percent go so far as to share intelligence outside their industry. Those in other roles are slightly less active in sharing intelligence. In fact, CISOs are more likely to share intelligence with others in their industry through a threat-sharing community than with their direct partners and suppliers.
Awareness training shouldn’t be a one-size-fits-all approach
It is interesting to look at security challenges through the lens of these different roles as it underlines that there’s no “one-size-fits-all” approach. Certainly, throughout Cybersecurity Awareness Month, it is important to consider why different employee role types make mistakes or may need more security awareness training than others. Unfortunately, human error is an inevitable reality in our modern digital environment and a challenge that every business must grapple with. Therefore, putting a spotlight on Cybersecurity Awareness is not only good practice but an imperative. This will help shore up your organization and prevent what could potentially be a breach incident.