Evidence is mounting that high-ranking executives and other business leaders are finally beginning to appreciate the importance of cybersecurity. Just this week, the online edition of The New York Times reported that several high-profile businesses, including Neiman Marcus, were conducting searches for Chief Information Security Officers (CISOs).
Though the position has existed for a decade or more, the job title is still not all that common on the org charts of businesses outside the government sector and the security and technology industries. That large retailers and other mainstream businesses are headhunting CISOs suggests a heightened awareness by business leaders of both the threat of online breaches and their bottom-line impact, asserts The New York Times article, which also provides an informal job description.
“Chief information security officers have one of the toughest jobs in the business world: They must stay one step ahead of criminal masterminds in Moscow and military hackers in Shanghai, check off a growing list of compliance boxes and keep close tabs on leaky vendors and reckless employees who upload sensitive data to Dropbox accounts and unlocked iPhones.”
Chorus of Voices
It shouldn’t be shocking that mitigating exposure to cybersecurity breaches now has the notice of executive leadership — and even the board of directors. Revelations of rampant surveillance and espionage activities, as well as the cyber takedown of a major retailer, have been followed by a steady chorus of voices now proclaiming cybersecurity to be as much a business problem as an IT problem. Business leaders would need to be living under a rock or in a vacuum to remain unaware of the business ramifications of ineffective cybersecurity.
The shrillest of those voices might still belong to Edward J. Snowden, the NSA whistleblower, who was again in the news this month. In an interview with The Guardian newspaper that was picked up by several media outlets, one of the world’s most famous fugitives cautioned professionals, such as lawyers, doctors, accountants and journalists, to better protect digital information from surveillance operations and cybercriminals.
Security experts appear hard-pressed to disagree with Snowden on this topic. Putting Big Brother issues aside, Alan Woodward, who is labeled in a SCMagazineUK article as a security expert and visiting professor at the Department of Computing, Surrey University, says it just makes good sense for holders of sensitive information to encrypt data residing on digital devices. He added, though, that on-device data encryption is infrequently applied to mobile endpoints.
“There’s surprisingly little adoption of it, particularly encryption of laptops,” said Woodward. “Encryption of devices that can be stolen unfortunately is still relatively low.”
Advisory groups and experts from specialized business sectors have also been spreading the word, ramping up efforts to educate executives and end users about the legal, reputational and competitive risks connected with less-than-vigilant cybersecurity and privacy practices. In a July InformationWeek column, Mansur Hasib, author of two books on cybersecurity in the healthcare industry, cited a critical lack of understanding and underappreciation of the importance of cybersecurity among the executive ranks of healthcare organizations.
Though he says the situation has improved in the wake of recent high-profile security breaches, the longtime CIO calls for healthcare organizations to elevate the job titles of digital security experts, as well as give them places at the executive conference table.
Perhaps the most persuasive evidence available to corporate executives that cybersecurity is no longer the exclusive domain of IT is recent legislation from the US government. The Hill reported earlier this month that the Senate Select Committee on Intelligence passed the Cyber Information Sharing Act (CISA), a bill intended to improve collaboration between the federal government and American businesses in thwarting cybersecurity attacks.
“Every week we hear about the theft of personal information from retailers and trade secrets from innovative businesses, as well as ongoing efforts by foreign nations to hack government networks,” said committee chair Senator Dianne Feinstein in a statement. “This bill is an important step toward curbing these dangerous cyber attacks.”
Though the bill sailed through the Intelligence committee, its passage by the full Senate is far from assured due to concerns from lawmakers over personal privacy issues, according to a Forbes.com article.
Regardless of the outcome of the legislation, that one of the most inactive Congresses in recent history has been moved to assist businesses to take greater steps to thwart cyber attacks speaks volumes about the urgency of the situation.
Loud & Clear
If the last few weeks are anything to judge, leaders of businesses and large organizations are being bombarded from a variety of sources with the same message: cybersecurity demands your attention. The good news is that the brain trusts of the world’s largest and most influential organizations appear to be increasingly receptive.
That bodes well for the CIOs and CISOs who have been stranded at the cybersecurity frontlines for the past few years, often backed by only stopgap enterprise mobility solutions from suppliers lacking a rich pedigree in cybersecurity.
It looks like reinforcements are finally on the way.
Breaking Cybersecurity News
For the latest information on mobile enterprise security, look for upcoming dispatches from the June 29th BlackBerry Security Summit in New York City.