Four tech nightmares keeping IT leaders up at night

What’s keeping CIOs awake at night? From data breaches to social engineering, there’s plenty to keep tech types tossing and turning.

Being a CIO isn't an easy job, not when hackers are coming at you from all sides trying to get their hands on that sweet, sweet data. It’s especially nerve-racking because one breach can turn a company from a respectable business to one that looks like it protects its information with a layer of Swiss cheese.

Here are four things keeping CIOs up at night – and ways to help them fall back asleep again – or at least into a light doze instead of staring at the ceiling waiting for a hacker to break through.

1. Dude, where's my data?

Andrew Hay, CISO for DataGravity, says one concern might seem a simple one: "the lack of data awareness that organizations have in terms of where information is stored and what type of sensitive information is accessible by people who shouldn't have it," he says.

But that's not just about where data lives. It's where copies of it are going, and the security of those systems. "Are [employees] uploading it to things like Dropbox or Google Docs because they work from home or the files are synced with their personal servers instead of VPN?"

That's a big change from when companies once blocked things like Facebook and social media sites. "They thought nothing of using a proxy to block sites. That gave way to allowing access during lunchtime. That gave way to 'we can't control that,'" Hay says. But that shouldn't give way to a company's data being flung all over the Internet even though "that model seems to be the model going forward, especially with regard to things like personal file sharing software and even IoT devices or personal consumer electronics that people bring in to make their work experience more enjoyable," he says.

2. People poisoning

"We do as much as we can do to make sure we're protecting our organizations, our business, our reputations," says Tristan Woods, CTO of Safeguard World International. But that doesn't mean much if hackers go after people. "The social engineering component is the biggest one because the people component is the hardest thing to control."


The best way to stop that is again at the people point. Twice a year, Safeguard World International trains all employees from the CEO down. "We try to train people on how to be secure in their own lives because if you train people on how to look after their online identity and personal reputation outside of work, that's going to infiltrate to what they do inside work," he says.

3. Hack attacks

No one wants to be the next Target – or Home Depot or Anthem. That's why data breaches are a top concern for Joe Magrady, CIO of Vertafore.

That means a lot of different things beyond social engineering, including end-to-end encryption "across the value chain of the process," he says. Also important are traditional safeguards – for example, being current on malware and antiviruses, having firewalls current and optimized, and monitoring.

Monitoring is key, he says, because "it's not if. It's when." And when that hacker gets in? Your security team needs to know about it immediately and begin triage. "What is your ability to, as quick as you can, immediately detect what's going on? That speaks to just having the right log data and monitoring data and having the sophistication both from an operational perspective but also the analytic capability to correlate things and to filter out the noise and get at things sooner."


That's key if you work at an organization that has valuable data like someone's full medical history, which can get more on the black market than a credit card number, Hay says.

4. Data walk-off

What happens when talent leaves? Data might leave with it.

"A common thing we get is 'hey we just had this super talented employee who does some very key stuff for us join a competitor,'" says Rajesh Ram, co-founder and chief customer officer of Egnyte. "That's a very open-ended challenge that we CIOs deal with."

This is at the center of a legal battle royale between Fitbit and Jawbone.

Ideally, a company should have structure in place to be able to know what "every one of your employees is working on in terms of access to corporate material," he says. A company should also have the capability to "manage that process and know exactly what they had access to and what they walked away with."

Also, can you remotely wipe or lock a phone or laptop? That's not just important for employees going to a competitor, but for when devices are lost or stolen. You need to be able to "nuke something when you know it's gone and never going to get it back," Ram says.


Stories by Jen A. Miller
