WSJ Explores What Keeps CIOs Up at Night
These days being a CIO or CISO comes with a ton of worries and risks. Recently, The Wall Street Journal talked with CIOs and CISOs about what keeps them up at night. Below are highlights from their findings, some of which may surprise you.
Top CIO/CISO Worries:
Quantifying Risk — Liane Pelletier, who has worked with telecommunications providers, told the Journal that she tracks how much of the company’s software in use is the latest version. That’s because it gives her a good indication of how well they’re doing at patching vulnerabilities that could lead to hacks. In addition, she pays attention to detection speeds for significant intrusions and compares them with industry averages provided by Carnegie Mellon University. Pelletier told The Wall Street Journal, “The most horrifying thing is to find an incident and find it’s been going on for nine months. What a sick feeling in your stomach.”
Managing Access — As the business world becomes more mobile and work takes place outside the safety of the perimeter, those tasked with security are looking at how to best secure data and assets. The Journal reports, “One approach is a strategy called zero trust, where users are given access to sections of apps or data, rather than entire networks, by going through strict identity-authentication measures.”
Trusting Your Partners — An Accenture study reports, “About 36% of companies don’t apply the same or higher security standards to their partners as they use internally.” As we saw from the Target hack, your partners’ vulnerability is YOUR vulnerability.
Understanding Your Enemy — Knowing who is involved in a cyberattack can help companies understand the breadth of systems affected by an incident, from where the next attack might come or what information attackers are seeking, all factors in providing better security.
Waiting for Government Security Clearance — Government security clearance is critical for businesses that support a country’s infrastructure. Employees who are granted security clearance can access classified cyberthreat information from federal agencies.
Knowing What to Report — When a data breach or cyberattack occurs, businesses are expected by the public and by the government to report the incident. How much to report, and what specifically, can be confounding. The Journal reports that the SEC looks for “descriptions of how they determine the severity of security gaps and incidents, and how senior executives and the board communicate about cybersecurity, as well as specifics about how the board handles its oversight of cyber risk.”
Avoiding Financial Disincentive — Some businesses have begun to explore the concept of basing executives’ compensation on how well they meet cybersecurity goals, whether prescribed by the organizations they serve or by governing bodies like the National Institute of Standards and Technology.
Well, we can certainly agree that CIO/CISO roles are enormous in both work to be done and the huge responsibility that comes with making sure the organization remains secure and compliant. With all of this going on, the IT budget can pose yet another problem for them. That’s why the smartest tech leaders of mid-market organizations know about TechTrust—a unique technology buying service that provides cash-back allowances to expand IT budgets.