Sony. Global Payment Systems. Zappos. Adobe Systems. Target. Epsilon. Neiman Marcus. Michaels Stores. Yahoo.
If there’s one thing that’s become apparent to the corporate world over the past few years, it’s that no company is too big to fall victim to cybersecurity breaches that compromise its valuable data at the hands of hackers.
When consumers’ personal information (phone numbers, addresses, birthdays) and even more sensitive details (credit card numbers, PINs, passwords) are fraudulently accessed by nefarious entities, this constitutes a five-alarm emergency for affected corporations.
You might think there’s nothing good to say about these types of IT security violations. In the wake of a data breach, consumers become more susceptible to having their identities stolen and other types of fraud perpetrated against them, while companies themselves take huge reputational hits and are sometimes required to pay reparations that end up having significant negative effects on their bottom lines. On top of all this, add the sheer aggravation that cybersecurity breaches cause for professionals and members of the public alike.
That being said, the high-profile nature of the attacks against Target and other well-known brands has allowed the issue of cybersecurity to “finally move out of the shadows to become a top-of-mind issue at major enterprises,” noted Robert R. Ackerman Jr., founder and managing director of Allegis Capital, in a recent article for Xconomy.
“If there’s any upside to the continuing barrage of high-profile hacks, they’ve moved cybersecurity out of IT’s back room and forced the executive team to invest in everything from better security technology to improved education,” Ackerman concluded.
An easier battle
CISOs once faced an uphill battle to convince members of the C-suite and other stakeholders that shoring up corporate security was worth the effort and investment. Now, in the wake of a slew of breaches hitting the headlines, they’re having a much easier time – at least according to a panel of leading CISOs from big-name companies who met to discuss the issue at the SINET Showcase 2013 in Washington, D.C.
“Thanks to The New York Times and Wall Street Journal, now I don’t have to go and educate the board or the senior leadership team,” said panelist Jay Leek, CISO of diversified financial management company Blackstone, as quoted by the news source.
So, just how is senior leadership’s increased openness to mitigating cybersecurity threats manifesting itself?
1) Everyone is nervous
Some aspects of corporate operations clearly and distinctly fall under the purview of The IT Guy, including slow computers, malfunctioning printers, unruly VoIP networks and the like. There was a time when some non-IT members of the C-suite were happy to relegate cybersecurity to the realm of The IT Guy and his superiors – i.e. the CISO – but those days are now gone. The fact of the matter is that a data breach can bring even the biggest corporation to its knees, so doing whatever it takes to make sure this doesn’t happen has very much become everybody’s problem, regardless of whether their roles are IT-focused or not.
2) Security is merging with culture
Unless employees understand why they should observe cybersecurity policies – or any other guidelines or regulations, for that matter – they’re unlikely to do so. Leaders can get across the seriousness of the threat by educating employees about what can happen if they don’t follow the rules. In addition, they can incorporate security procedures into company culture, an aspect about which many firms have historically been remiss.
“As an industry, we’ve failed to invest adequately in training for these skills,” said Alan Calder, founder and executive chairman of cybersecurity services provider IT Governance, of the technical and management skills needed to fend off cybercriminals.
3) Transparency is paramount
The first step of fortifying operations is making sure you have a 360-degree view of the corporate landscape.
“Enterprise security leaders are … looking to better understand what’s happening on their networks and systems at all times, both internally and externally,” explained Ackerman. “That means visibility into how things are working, and using analytics to detect threats and develop effective protection.”
“In today’s security environment, the ability to quickly detect, analyze and remediate incidents is critical,” emphasized Alex Andrianopoulos, vice president of marketing at Guidance Software, in a statement. “To do so, organizations must gain greater visibility into activity across all enterprise endpoints.”
The bottom line
Clearly, companies’ efforts to protect themselves from cybercrime still have a long way to go, especially given the fact that big names such as Target, Neiman Marcus and Yahoo were all successfully targeted within the past few months. However, CISOs can use the attention brought to the issue by these high-profile attacks to their advantage by turning company-wide concern into action.
About Caldwell Partners
Caldwell Partners is a leading international provider of executive search and has been for more than 40 years. As one of the world’s most trusted advisors in executive search, the firm has a sterling reputation built on successful searches for boards, chief and senior executives, and selected functional experts. With offices and partners across North America and in London, the firm takes pride in delivering an unmatched level of service and expertise to its clients.