Navigating the Noise — A CISO's Guide to Prioritizing Critical Emerging Threats

As organizations accelerate their digital transformations, the threat landscape becomes increasingly crowded with risks—some urgent and others overhyped. With emerging threat vectors, CISOs are faced with the difficult task of differentiating between urgent threats and distractions. The unprecedented pace of AI adoption also poses significant risks to organizations. How can CISOs differentiate between threats that demand action and those that don't?

CISOs in the New York Community gathered recently for a town hall exploring a threat landscape increasingly crowded with risks and discussed how to navigate the relevance and urgency of new threats.

Brent Maynard, Senior Director Security Technology and Strategy at Akamai Technologies moderated the session. New York Governing Body Members David Sheidlower, CISO and Chief Privacy Officer at Turner Construction; Anthony Candeias, CISO at WW International; Matt Cerny, Director, Cyber Security at Integra Life Sciences; Davin Darnt, CISO Americas at Louis Vuitton; Pascal van Garderen, CISO at Oak Hill Advisors; Daniel Nunez, CISO at New York City Employees’ Retirement System; and Peter Rosario, CISO at USI, led their peers in small group discussions.

For CISOs across our communities, cyber resilience ranks as their top priority in our annual Leadership Perspective Survey. Generative and traditional AI remain in their top ten focus areas, especially if they can find ways to leverage AI for threat detection. In the town hall, CISOs discussed how to analyze threats and strengthen their cyber resilience. 
 

Key Takeaways from the Discussion

• Concentrate on high-impact, high-probability threats, such as AI-driven phishing and cloud supply chain attacks. Emerging threat vectors have CISOs differentiating between urgent threats and distractions and contextualizing new threats within their organizational protocols. That can be a difficult task. CISOs in the discussion recommended prioritizing risks based on severity, resource availability and regulatory compliance. Their organizations need to assess these threats' urgency and relevance by understanding the targets of AI-driven attacks and potentially by leveraging AI for detection. 
• AI poses an opportunity for a defensive tool.  AI-driven threat intelligence and automation tools can help identify patterns and exposures that are not immediately visible to humans. Security leaders and their organizations need to automate tools to anticipate AI-driven attacks and leverage AI for enhancing customer experiences securely. 
  
  As one security executive put it, "AI-powered threats are going to require an AI-powered response."
• Collaborating with partners across the business. CISOs cannot tackle security challenges alone. Instead, they need to collaborate across the organization and create a culture of security because those outside of security will be the front line of defense. As one CISO explained, "If a threat is going to get through, you want Jack and Jill in accounting to be your strongest security advocates."

CISOs can continue the conversation on how to assess emerging threats at an upcoming community gathering. Current community members can sign in to the app to find and register for events. If you are new to Gartner C-level Communities, apply to join your regional CISO community to connect with security peers on critical priorities.
 

By CISOs, For CISOs®
 

Join the conversation with peers in your local CISO community.