How CIOs meet growing security threats

Are CIOs and their IT departments prepared?

When it comes to protecting enterprise data, CIOs and CSOs are at a crossroads. The complexity and prevalence of security threats continue to grow, bolstered by consumer IT and mobility. The open nature of IT has paved the way for far more sophisticated attacks—beyond conventional credit card data theft to multilevel attacks. Information security executives face perhaps the toughest challenge of their careers.

The business requires and expects total freedom and choice in technology, yet risks come from any number of places: users at their desks, users working from many different mobile devices and unsecured networks, and users downloading applications at will from the Web. Corporate integration with social media sites provides a new path for malware to the network—not to mention privacy risks and even identity theft.

Hackers still have many more opportunities to grab enterprise data and are getting smarter by the day. Given the pace of change in our Web-based mobile world, who knows what next month will bring?

Moving from point solutions to integrated security

Many companies rely upon point security solutions designed to protect hardware and networks, and deploy broad-based security programs that blanket all applications and users in much the same way.

IT’s approach to security too often occurs at the last mile, immediately before a new application or suite of services is set to release. This disjointed, retrofit approach has unfortunately resulted in troubling and sometimes disastrous consequences for many well-known companies over the past few years.

It’s time to place security front and center of all IT deliverables—in a more proactive, integrated fashion. Take note: this is an opportunity for IT to take the reins of a critical risk factor for the business. Doing this right will enable IT to give business leaders clear avenues to innovate and enter new markets with the help of IT-enhanced services. Instead of being draconian rule-makers, CIOs and CSOs can help their business counterparts do more with less risk.

Given both the opportunities and the threats, CIOs and CSOs must rethink security processes and practices. Moving forward, security ideally becomes an enterprise initiative integrated into all facets of operations and measurable in business terms. CIOs, CSOs, and their teams will do well by adopting a baked-in approach so security isn’t a technology wrapper, but integrated across services, processes, user behavior, and technology.

New metrics and business alignment

In the future, CIOs will need to better quantify and justify investments in security technologies and programs to ensure spending is stratified by business risk. IT will need proven methods for evaluating whether a technology is aligned properly with high priority, sensitive business data. What will be the most appropriate risk metrics to track?

The security of the future will be tightly aligned with business goals, shifting to an on-demand service model within the IT-as-a-service infrastructure now under way. IT leaders will work in tandem with the CSO, rather than reacting as the last bastion of defense moments before deployment. As one expert said, this shifts emphasis from the near-impossible task of preventing intrusion to the crucial task of preventing damage.

Understanding the threat landscape

Some CIOs say they are seeing a tenfold increase in the intensity and frequency of attacks on their networks. The Ponemon Institute, in its 2010 Cost of Cyber Crime study, reported that of 47 organizations surveyed, a combined 205 separate and discernible cyber attacks were detected over the course of a four-week data collection period. The average annualized cost of cyber crime for these organizations was $6.2 million.

CIOs and their boards continue to report that security is a top priority. In a poll of more than 800 CIOs in the 2011 State of the CIO survey by CIO magazine, respondents cited the increasing importance of security and risk management, driven by the adoption of alternative IT models. Four out of 10 respondents anticipate that improvements to security and risk management will be among their IT organizations’ most significant business accomplishments in the year ahead—up from 34 percent in 2010 and 26 percent in 2009.

Security attacks targeted at corporations are complex and multilayered. Cyber criminals and so-called “hacktivists” are exploiting corporate adoption of social media and cloud services by penetrating corporate networks through techniques such as social engineering. Typically operating in rings, they use stealth and government-agency tactics, such as compromising one company to enable an attack on another. Other methods include sophisticated analytics and intelligence gathering, application layer exploits, and multistaged attacks on sensitive financial and customer data or intellectual property.

To read more in this series on How CIOs meet growing security threats, download the full report today.

Upcoming sections within this series are: 

  • Building better relationships within the business
  • Security as a market-enabler not a roadblock
  • Forging a CIO-CSO brand
  • Sealing the "people perimeter" with risk-based security and education
  • A business-friendly approach to governance
  • A roadmap to evolve
