As AI automation takes hold across every industry, security leaders are shifting focus to high-impact projects as the weight of rote security tasks lessens. Agility and security are no longer the trade-off they once were. Those tasked with compiling proper governance and security measures are also responsible for implementing organizational enablement. The Venn diagram of a modern security team shares a neatly overlapping center where cautious defense and business acceleration meet.
Dr. Timo Wandhöfer is the Group CISO at Klöckner & Co SE, a century-old German metal products processor. His career has taken him across the public sector, highly regulated financial services, and the global manufacturing industry, where he has navigated organizational automation and security through multiple technological climates.
Klöckner’s target is to digitalize and largely automate its supply and service chain in pursuit of becoming the leading digital one-stop-shop platform for steel, equipment, and processing services in Europe and the Americas. Enterprise-grade workflows of this magnitude require safeguarding data within every automation cycle. It relies on a team's ability to automate confidently with global compliance standards baked into the interconnected tools they build.
Automated reporting and analysis baked directly into workflows offer greater visibility into a business's security posture. Many modern Security Information and Event Management (SIEM) solutions allow automation engines to ingest security data and automate incident response actions. Wandhöfer pointed to Rubrik as an example of deeply integrated recovery software that is changing how CISOs right their organizations after the inevitable breach occurs.
The threat landscape has been fundamentally altered many times throughout history, and AI exposure is only the latest manifestation of sophisticated threats.
The latest threats: "Social engineering is back on track," he said. "We thought for a couple of years that it was over, but with AI, it has returned as a major threat against credentials and phishing. It happens more often, it's automatically driven, and it often seems like a real person is behind it as opposed to AI."
Zero trust: To combat these threats, on the technical front, protecting work at every step and everywhere requires a clear architectural mandate. On the human front, safeguarding against error means the defense must be just as direct: updating awareness training for today's threats. "You need a really good Zero Trust approach, with identity and access management on point at the application layer to detect anomalous behavior."
Continuity, not containment: Because attacks are now inevitable, Wandhöfer argued that focusing only on prevention is a failing strategy. The goal must evolve from containment to business continuity. "A paradigm shift is happening," he explained. "As CISOs, we are no longer talking about 'backup solutions' like the IT teams do. We are talking about the purpose-driven goal of 'disaster recovery' to bring all our business activities back on track."
Once the tokenized dust settles from the first wave of foundational LLMs, and integrating technology and processes becomes table stakes, what should be left is pure upside. There will certainly be new technological threats on the horizon, but the fundamentals of balancing exposure with opportunity by fighting tech fire with fire will likely stay sound.