Recently, it was announced that the Clorox company’s CISO has stepped down from her position. Her departure comes as the company is still recovering from a devastating cyberattack that paralyzed its order fulfillment facilities for more than a month, leading to a 20% decline in net revenue in the first quarter of the fiscal year.
The reasons behind her departure have not been publicly disclosed. Still, her decision to step down during such a critical time for Clorox's cybersecurity efforts has raised concerns among experts and investors alike. Some speculate she may have been frustrated with the company's slow response to the cyberattack and its lack of investment in cybersecurity measures. Others suggest that she may have felt overwhelmed by the challenges of leading the company's cybersecurity efforts in the aftermath of such a significant breach.
As a public company, Clorox leaves its CISO with fiduciary duties in both fact and act (even if not explicitly mentioned). Given this, leaders must be ready to confront the consequences of cybersecurity failures that inflict financial harm on investors. Conversely, if a CISO is to be held accountable like a CFO or General Counsel in matters of investor confidence, the executive contours of the CISO role should be revisited to ensure that it has sufficient authority, agency, and institutional backing to defend data assets as a fiduciary.
Whatever the reasons for the departure, her exit is a setback for Clorox as it struggles with the ongoing fallout from the security incident and the increasing sophistication of cyber threats. The company now faces the task of finding a new CISO who can restore trust in its cybersecurity capabilities and lead the company into the future. And who wants the position, seeing what happened to the former CISO?
"Assuming she [sic] knew the environment was vulnerable before the incident, if she withheld this from the responsible executives, then she should be fired," said an independent consultant and former Security Assurance Director at The Walt Disney Company. "However, if she informed the executive committee of the risk and they accepted it by not acting, she should be rewarded. Unfortunately, sometimes, CIOs do not want CISOs to be transparent with the executive committee. The CISO implicitly accepts the risk and is rewarded for not rocking the boat until an incident happens."
Clorox's cyberattack is just one of many recent incidents highlighting the growing security risks associated with global supply chains. As companies increasingly rely on third-party vendors and suppliers, their attack surfaces expand, making them more vulnerable to malicious actors. In the case of Clorox, the cyberattack disrupted the company's ability to deliver products to its customers, causing significant financial losses. The attack also exposed sensitive customer data, potentially damaging the company's reputation and customer trust.
As global cybersecurity threats grow, the role of the CISO has become increasingly important. CISOs are responsible for overseeing and managing a company's cybersecurity program, which includes protecting its networks, data, and systems from cyberattacks.
In today's complex and interconnected world, CISOs need to think strategically, communicate effectively with senior management, and have a deep understanding of cybersecurity technologies and best practices. They also need to be able to build and manage a team of skilled cybersecurity professionals despite very challenging workforce dynamics. CISOs will also be asked to take on the burden of personal risk and liability in this position.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, a demo, or assistance, please get in touch with the office directly at 1-844-492-7225 or email@example.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941