IT executives must stop being so technology-focused and start talking with government leaders and politicians about data lost risks and cyber security.
Noting that most IT people, particularly CIOs and CTOs do not understand the language of business, Erick Stephens, CTO-Asia Pacific, Microsoft Public Sector, lamented that "because we are so techie, we talk about big data, and we lose the opportunity to talk with the politicians."
Talking with politicians and government leaders, he pointed out, "will become very relevant with cyber security because all digital assets (information) will be at stake."
"Who owns the risk?" he asked, "the Chief Executive Officer or the business owner?" Not the Chief Information Officer or the Chief Technology Officer, he emphasized. "They have to tell us the amount of risk so we can manage what is possible with our resources. Government (and business) needs to understand that IT's role is to provide management with the right information. They must understand that CIOs and CTOs are enablers."
Stephens, together with Dough Farber, managing director, Enterprise Asia Pacific, Google Enterprise; and Bill Chang, CEO Group Enterprise, SingTel, shared their experiences at the Innovators Plenary Panel on "Innovating to Meet the Next Wave: New Technologies, New Strategies" that was held during the CommunicAsia 2013/EnterpriseIT2013 exposition that ran from June 18 to 21 at Marina Bay Sands in Singapore.
Noting the IT people's diminishing role in board rooms and their waning influence in the C-suite executive levels, Chang asked "why can't every CIO be a chief innovation officer, and every CTO be a chief transformation officer?" There are great responsibilities for these executives, he noted, "and there is huge opportunity for CIOs and CTOs to make a difference."
Stephens said the ability to explain technology as an enabler will become important when dealing with cyber security. "Criminals will follow the money, and the money will increasingly be in digital assets," he warned.
New Approach to IT Security
"Traditional IT security defenses are struggling," Stephanie Boo, regional director for South Asia Pacific at FireEye, told a workshop on mobile security that was dubbed "What Keeps CIOs up at Night?" He noted that "banks are still being robbed everyday (over the Internet)" due to data leakage, for example.
As governments push for a mobile-enabled citizenry and businesses, she said a bring-your-own-device (BYOD) workforce must be considered carefully. "For a malware to gain entry into the network, it just needs to compromise one person with access such as the office receptionist, and not all the employees," she cautioned.
She said a new breed of attacks is able to evade signature-based defenses and the use of pattern matching is not effective against the new threats.
"One main attack vector are the apps (browser, plug-ins, Flash, etc.)," Boo said. "They give you the apps not for you to engage the game, for example, but to use them to get into your system."
She enumerated several factors that have caused "the perfect storm" as far as IT security is concerned. These are: wave of innovation (mobile, social, Cloud, Big Data); more than 50 countries arming for cyber espionage/warfare; the absence of a global governance or global law enforcement model; increased greed and cyber sensationalism; and new types of attacks launched by new actors.
For his part, Ronald van Kleunen, CEO of Globeron Pte. Ltd, said: "Security has always been an afterthought. How many organizations are able to detect a wireless hacker in the services they provide their customer?"