Security Risks in the Digital Age: The Importance of an Experienced CISO

Ric Longenecker, CISO, Swiss Interim Management


Tuesday, January 2022, IT Department of a large Swiss car dealership.

When the Chief Information Security Officer (CISO), let's call him Antony, heard the voice of his colleague on the phone, he immediately knew the situation was serious. Systems were failing, and files were being encrypted – all signs pointed to a large-scale cyberattack. After a brief exchange of information and some targeted questions, the CISO calmly but decisively ordered: "Shut everything down."

Antony's decision was swift and unequivocal, but not without risk. What if it was a false alarm? It could take several days for the dealerships and headquarters to resume normal operations. The damage would be enormous. Antony had to quickly analyze the situation and give his team the correct instructions. But Antony was trained for situations like this. As an experienced CISO, he knew exactly what indicated a massive cyberattack. And he knew that speed and decisiveness were now crucial. Everything had to be focused on one goal: minimizing the damage to the company.

While the entire team worked at full speed to shut down systems in data centers, the cloud, and local offices, the CISO informed upper management and IT security managers about the critical situation.

In the following months, the company invested several million Swiss francs in restoring its IT systems. This included backups, containing potential data leaks, and communication with customers and employees across Switzerland. Additionally, major car manufacturers had to be convinced to reconnect their systems with those of the dealership.

In hindsight, this quick and decisive decision by the CISO was exactly right: it was a severe cyber-attack by a hacker group that had also targeted other Swiss companies. Any hesitation could have multiplied the damage to the company.

The example of the car dealership is not an isolated case. Nor is it an incident that exclusively affects large companies or corporations. In August 2024, an international cybercriminal ring was uncovered thanks to investigators in Bamberg, Bavaria. At least 42 small and medium-sized companies were extorted, with an average loss of about 4.5 million EUR per attack. For small companies, such amounts can quickly become existentially threatening.

Cybercrime is a billion-dollar business

Estimates suggest that cyberattacks cause damage worth several trillion dollars worldwide every year. Criminal organizations now operate like professional companies, with sophisticated business models and specialized divisions of labor. They even offer "Cybercrime-as-a-Service," providing technically less skilled criminals with access to advanced hacking tools. Ransomware attacks alone extorted an estimated $1 billion in 2023. This is in addition to income from data theft, identity fraud, and other cybercriminal activities. The high profit margins and relatively low risk of prosecution make cybercrime an attractive field for organized crime. This trend highlights the urgent need for companies and organizations to invest in robust cybersecurity measures and continually improve their defense strategies.

Rising Extortion Potential

Ransomware attacks, where company data is encrypted and only released in exchange for ransom, are now commonplace. Moreover, cybercriminals are increasingly relying on double extortion, where they not only encrypt data but also steal sensitive information and threaten to release it. This particularly affects industries with highly sensitive data, such as healthcare or the financial sector. The consequences of such an attack can be devastating – from massive financial losses to reputational damage and legal consequences for data protection violations. Given this development, companies today must continually adapt and strengthen their security measures to prepare for such threats and minimize the extortion potential.

How Companies Can Build a Robust IT Security Structure

A study by the IT security provider Sophos shows that even the specialized area of IT security suffers from a severe shortage of skilled workers. Seventy-one percent of companies facing a shortage of IT professionals specifically need experts in IT security. The shortage is particularly pronounced in the financial sector, where 43 percent of banks and 42 percent of insurance companies are affected. This is because companies with sensitive data are more frequently targeted by cyberattacks. The study indicates that 29 percent of IT managers do not have enough staff to protect their infrastructure. To counter the skills shortage, it is recommended to make recruiting more flexible and integrate external expertise.

Here, an Interim Chief Information Security Officer (CISO) from Swiss Interim Management can be the right solution for your company. As a highly qualified expert, they bring immediately deployable skills and experience to close security gaps. Additionally, an Interim Head of IT Security can be particularly valuable during transition phases, especially when it comes to revising security strategies or quickly regaining control after an incident.

Why It’s So Important to Have an IT Security Manager Onboard

As described at the beginning, cyber threats are becoming increasingly complex and versatile. An experienced Interim Security Operations Manager immediately brings the necessary expertise to identify potential threats to a company and develop and implement the appropriate security measures.

In an emergency, events unfold quickly and often simultaneously, which can quickly lead to panic within the IT department. To prevent further damage, a true crisis manager is now needed to calmly guide the team through a potential emergency.

Additionally, an Information Security Manager not only brings technical expertise but also strategic competence to comprehensively assess and manage security risks. They act as a link between the IT department and corporate management, ensuring that security concerns are represented at the highest level and that cybersecurity is considered an integral part of the company's strategy. An IT Security Manager can also promote the development of a robust security culture within the company and effectively implement compliance requirements.

The Advantages of an Interim CISO

An Interim Chief Information Risk Officer (CIRO) offers the advantage of being quickly available and possessing top-level expertise. With their independent perspective, they can work without the constraints of internal bureaucratic structures. In addition, they have worked in various corporate environments and have extensive experience at the highest level. This enables them to conduct a comprehensive security review and develop and implement tailored security strategies:

  1. Strategic Security Planning: A Chief Information Security Officer (CISO) develops a long-term and tailored cybersecurity strategy for your company. This strategy ensures that the company is not only prepared for current threats but also anticipates future challenges as they arise. The strategy includes not only technical solutions but also training and awareness measures for employees to minimize human error and embed cybersecurity awareness within the company. Additionally, methods for measuring cyber hygiene are introduced to continuously monitor the effectiveness of security measures.
  2. Quick Response in a Crisis: When a cyberattack occurs, as the example of the car dealership shows, it is crucial to act quickly, decisively, and correctly in a crisis. A Cyber Security Manager can immediately take the necessary steps in such cases to limit the damage. A company's ability to respond quickly can make the difference between a manageable incident and a potentially existential crisis.
  3. Use of Cutting-Edge Technology: An experienced Chief Information Security Officer (CISO) ensures that the company stays up-to-date with IT security. This is achieved through the strategic introduction of advanced security solutions such as artificial intelligence (AI), machine learning, and automated threat detection. These technologies enable more effective detection and prevention of potential attacks in real-time, even before they can cause damage. The CISO is responsible for developing and implementing a comprehensive IT security strategy that sensibly integrates these advanced technologies. At the same time, they continuously monitor and assess the technological landscape to ensure that the deployed solutions always meet the highest security standards and are adaptable to new threats.

The CISO also takes into account the limitations of these technologies and ensures a balanced combination of AI-driven systems and human expertise to provide the best possible security for the company.

  4. Compliance and Regulatory Requirements: A Manager Cyber Security and Compliance ensures that all security measures are always up-to-date with industry standards and meet new regulatory requirements, such as the Digital Operational Resilience Act (DORA) and the Network and Information Systems Directive (NIS2). In many industries, there are strict regulations regarding data protection and IT security. The Manager Cyber Security and Compliance ensures that the company meets all legal and regulatory requirements, which not only avoids penalties but also strengthens the trust of customers and business partners.
  5. Implementation of Specific Projects: Another significant advantage of an Interim CISO is their ability to efficiently execute specific projects. For example, they can lead the establishment of a Security Operations Center (SOC) or drive the negotiation and implementation of outsourcing contracts. Additionally, an Interim Chief Security Officer takes over crisis management in emergencies and safely guides the company through difficult phases.

Through close collaboration with IT and other department heads, the strategy is tailored to the specific needs of the company. The flexibility and experience of an Interim Head of Cybersecurity make them the ideal choice for companies that need short-term support in improving their security architecture.


Ric Longenecker, CISO

Ric Longenecker is a security manager with over 18 years of experience across various sectors including technology, telecommunications, energy, and government. His expertise spans multiple geographies and organizational sizes. Ric has a strong background in security and enterprise IT, with a proven track record of implementing Information Security, Compliance, and Cyber Defense initiatives in both private sector companies and international organizations. His global mindset and hands-on approach enable him to effectively communicate and engage with complex stakeholders, ensuring successful project delivery and customer satisfaction. Based in Zurich/Luzern, Switzerland, Ric is known for his humble, passionate, and authentic leadership style, fostering lasting relationships and managing complex issues with ease.


In the context of today's digital transformation, the role of a Head of Information Security is indispensable. For companies that are not yet ready to commit to a permanent position, an Interim CISO offers a practical and effective solution. They provide the expertise and leadership needed to protect your organization, ensure compliance with legal requirements, and positively impact your KPIs.

Is your company ready to take its cybersecurity to the next level? Contact us today to learn more about how our interim management services can help protect and lead your business to success.
