CEOs finally started to deal with cyber-security threats, but only after they learned failure to act will cost them their jobs.
The trend started after Target fired its CEO, Gregg Steinhafel, in May 2014 over a hacker attack on its millions of customers during the 2013 holiday selling season.
It’s one thing to be attacked but it’s another to act too slowly to deal with it.
Shockingly, Mr. Steinhafel learned that Target’s point-of-sale terminals were vulnerable, but he apparently was nonchalant and very slow in dealing with the issue.
Target’s revenue dropped $21.5 billion or 3.8 percent in Q4 2013. That was the hammer that finally got the attention of the suits.
Now, not only are CEOs on notice, but boards of directors are, too. The National Association of Corporate Directors is now mindful of cyber issues.
It’s been too long in coming. Many CEOs had been unaware of the dangers.
Indeed, two business professors – University of Virginia’s Tim Laseter and Dartmouth’s Eric Johnson – argue there’s “A Better Way to Battle Malware.”
They argued in their lengthy July 2010 article that senior executives could implement production quality controls to conquer cyber security issues.
USA Today first reported in 2010 that many CEOs were indifferent about the dangers to their firms when it comes to Internet security.
Eighty-one percent of information-technology professionals believed that their companies’ senior managers still do not comprehend the need to take proactive steps to ward off security threats.
That’s according to a study of nearly 591 IT pros by the Ponemon Institute for NetWitness. The study did not only involve opinions about CEOs; the same fears were attributed to a lack of understanding by government agencies.
In addition to the 81 percent concerning senior executives, the study reports other red flags:
— 83 percent indicated their organization has been a recent target of advanced threats
— 41 percent said they were frequently attacked
Confirmation of data
Is it really possible that senior executives didn’t fully comprehend IT security dangers?
“Our experience confirms the validity of these statistics,” agreed Stan Stahl, Ph.D. “The cybercrime problem is only going to get worse as more and more small and medium size businesses fall victim to online bank fraud.”
Dr. Stahl, who made the comments in his blog, is a widely known pioneer and consultant in security and the prevention of identity theft.
— He is the expert on Federal Trade Commission rules under the Gramm-Leach-Bliley Act governing non-public personal information held by financial institutions.
— He is also president of the Los Angeles chapter of the Information Systems Security Association, a nonprofit, international organization of information-security professionals and practitioners.
“The biggest challenge we see is helping the men and women who have to dedicate resources (people or money) understand (1) why they need to improve the security of their information systems, (2) the basic steps involved in improving systems security, and (3) the ancillary competitive benefits they can get from improved information systems security management,” he writes.
Intellectual property thefts
Indeed, the Ponemon study also indicates 44 percent of attacks result in the theft of confidential information, and 45 percent of the cyber strikes result specifically in the “theft of intellectual property.”
“It’s to meet this challenge that we in the Los Angeles Chapter of the Information Systems Security Association have embarked on an aggressive Community Outreach Program,” writes Dr. Stahl. “Our objective is nothing less than to raise information security awareness.” (The association has local chapters in multiple cities, www.issa.org.)
Infographic on the importance of network security
“Distrust and caution are the parents of security.”