IT execs urged to focus less on technology, more on business

IT executives must stop being so technology-focused and start talking with government leaders and politicians about data lost risks and cyber security.

Noting that most IT people, particularly CIOs and CTOs do not understand the language of business, Erick Stephens, CTO-Asia Pacific, Microsoft Public Sector, lamented that "because we are so techie, we talk about big data, and we lose the opportunity to talk with the politicians."

Talking with politicians and government leaders, he pointed out, "will become very relevant with cyber security because all digital assets (information) will be at stake."

"Who owns the risk?" he asked, "the Chief Executive Officer or the business owner?" Not the Chief Information Officer or the Chief Technology Officer, he emphasized. "They have to tell us the amount of risk so we can manage what is possible with our resources. Government (and business) needs to understand that IT's role is to provide management with the right information. They must understand that CIOs and CTOs are enablers."

Stephens, together with Dough Farber, managing director, Enterprise Asia Pacific, Google Enterprise; and Bill Chang, CEO Group Enterprise, SingTel, shared their experiences at the Innovators Plenary Panel on "Innovating to Meet the Next Wave: New Technologies, New Strategies" that was held during the CommunicAsia 2013/EnterpriseIT2013 exposition that ran from June 18 to 21 at Marina Bay Sands in Singapore.

Noting the IT people's diminishing role in board rooms and their waning influence in the C-suite executive levels, Chang asked "why can't every CIO be a chief innovation officer, and every CTO be a chief transformation officer?" There are great responsibilities for these executives, he noted, "and there is huge opportunity for CIOs and CTOs to make a difference."

Stephens said the ability to explain technology as an enabler will become important when dealing with cyber security. "Criminals will follow the money, and the money will increasingly be in digital assets," he warned.

New Approach to IT Security

"Traditional IT security defenses are struggling," Stephanie Boo, regional director for South Asia Pacific at FireEye, told a workshop on mobile security that was dubbed "What Keeps CIOs up at Night?" He noted that "banks are still being robbed everyday (over the Internet)" due to data leakage, for example.

As governments push for a mobile-enabled citizenry and businesses, she said a bring-your-own-device (BYOD) workforce must be considered carefully. "For a malware to gain entry into the network, it just needs to compromise one person with access such as the office receptionist, and not all the employees," she cautioned.

She said a new breed of attacks is able to evade signature-based defenses and the use of pattern matching is not effective against the new threats.

"One main attack vector are the apps (browser, plug-ins, Flash, etc.)," Boo said. "They give you the apps not for you to engage the game, for example, but to use them to get into your system."

She enumerated several factors that have caused "the perfect storm" as far as IT security is concerned. These are: wave of innovation (mobile, social, Cloud, Big Data); more than 50 countries arming for cyber espionage/warfare; the absence of a global governance or global law enforcement model; increased greed and cyber sensationalism; and new types of attacks launched by new actors.

For his part, Ronald van Kleunen, CEO of Globeron Pte. Ltd, said: "Security has always been an afterthought. How many organizations are able to detect a wireless hacker in the services they provide their customer?"

Join the CSO newsletter!

Error: Please check your email address.

Tags business issuespersonnelMicrosoftsecurity

More about BillFireEyeGoogleIT SecurityMicrosoftTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Edison Dy Ong

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place