Main Takeaways for CIOs from the Global C-Suite Study

Technological advances are transforming the way we connect, disrupting the status quo and creating huge turbulence. Industries are converging, and new opportunities and threats are emerging, as never before.

— IBM IBV 2016 Global C-suite Study – The CIO Point of View

The pace of change is top of mind for CIOs. We live in an age where technology is nearly obsolete by the time it has been implemented and deployed. Gone are the days of 5-year and 7-year technology deployment plans; instead, CIOs must oversee a near-continuous digital transformation of their enterprise. Add to that the critical nature of today’s technology infrastructure — i.e. can your business run without computers, networks, or the Internet — and you get a good sense of the level of stress CIOs are facing today. Continue reading at IT Biz Advisor

Rising Tides and Higher Stakes – High Performance Counsel Interview with Chuck Brooks

The specifics of a security approach may vary according to circumstances, but the mesh that connects the elements is situational awareness combined with systematic abilities for critical communications in cases of emergency.

What are the new Cybersecurity Stakes – What are vulnerabilities and risks?

We live in a world of algorithms; x’s and o’s. Our digital world is ripe for access and compromise by those who want to do harm from just a laptop and server. A myriad of recent breaches have demonstrated that as consumers we are becoming more and more dependent upon digital commerce. Our banking accounts, credit cards, and financial daily activities are interconnected. We are all increasingly vulnerable from hackers, phishers, and malware proliferating across all commercial verticals.

In the past year, the employment of ransomware has become a cyber-attack method of choice for hackers. This is because many networks (especially hospitals, utilities, universities, and small businesses) are comprised of different systems and devices and often lack the required patching and updating necessary to thwart attacks. The recent WannaCry and Petya attacks were certainly wake-up calls to the disruptive implications of ransomware. We can expect to see more such attacks because of the ease of infection and because the vulnerabilities to networks still remain. Continue reading “Rising Tides and Higher Stakes – High Performance Counsel Interview with Chuck Brooks”

Testing Top Leadership’s Muscle Memory With Data Breach Simulations

How would your organization’s leadership fare in its response to a full-on data breach? Regular and ongoing training can improve top leaders’ ability to respond to a cybersecurity breach and avoid doing additional damage to the reputation of the company as they deal with the repercussions.

Organizations simply cannot afford to be lax about their level of preparation for a cybersecurity event: Shareholders, government regulators and consumers won’t be keen on businesses that take a weak approach to cybersecurity. A data breach is something that has to be not simply considered and discussed a couple of times a year, but actively prepared for and drilled against. Obviously, incident response teams must practice and fine-tune their responses on a near-continuous basis, but many organizations don’t realize that executives should do the same. Continue reading at SecurityIntelligence.com

Four Ways CISOs Can Play a Key Role in Educating Top Leadership About Cyber Risks

“There are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns — the ones we don’t know we don’t know.” — Donald Rumsfeld, former U.S. Secretary of Defense

Board directors are under pressure to demonstrate effective oversight of cyber risks — something which, admittedly, they know little about. Is there anyone better suited to educate top leadership about cybersecurity than the chief information security officer (CISO)? Perhaps in a decade or two, those in CEO, chief financial officer (CFO) and board director roles will receive enough education and on-the-job experience to have a solid grasp of cyber risks. Continue reading at SecurityIntelligence.com

Closing the Awareness Gap Requires a Team Effort

In March 2017, Forbes made the case that the IT skills gap is really more of an awareness gap: “College graduates’ skills are not visible to employers because while they’re leaving colleges and universities with transcripts and resumes, employers aren’t able to see the skills they’ve developed through coursework and co-curricular activities.”

Until academic programs provide current and prospective students with documentation on how their multitude of classes translates into mastery of different skills, students are left trying to connect the dots on their own. But to connect the dots, students must step back and reflect on their lessons and experiences to translate them into skills — quite a challenging task in the midst of an academic term or degree program. Continue reading at SecurityIntelligence.com

Security Awareness: Three Lessons From Health Campaigns

“If you are doing the same things you did five years ago to keep your business and its data secure, then you do not have an effective security awareness program.” — Michael Corey, technologist and columnist.

A recent study found that nearly 4 out of 5 health care IT executives view employee security awareness as their biggest information security concern. Verizon’s “2017 Data Breach Investigations Report (DBIR)” found that cybercriminals used social attacks in 43 percent of breaches, while 66 percent of malware was installed using malicious email attachments. Meanwhile, 7.3 percent of users fell for phishing attacks by clicking a malware-laden link or opening an attachment. Continue reading at SecurityIntelligence.com

Cybersecurity Hiring Woes? Time to Consider a New Collar Approach

“There are over 5 million jobs open in this country. The reason they are not filled is skills.” — Ginni Rometty, IBM CEO, speaking to Fox Business about new collar jobs.

Organizations are suffering from an inability to fill vacant technology and cybersecurity positions. A four-year wait for students to complete their curricula is an eternity for the technology sector given the rapid pace of innovation and change in the field. And since most organizations today cannot run without technology and an appropriate level of cybersecurity, this skills gap really extends to entire countries. A March 2017 report by Frost and Sullivan predicted that the number of global unfilled positions will reach 1.8 million by 2022. Continue reading at SecurityIntelligence.com

Five Strategies to Help Recent Graduates Close the Awareness Gap

This form of underemployment, over the long term, impacts the ability of this incoming workforce to receive appropriate compensation and deal with ever-increasing student debt. Being held back early on in one’s career can impact future jobs and pay.

While information security employers decry the skills shortage, a recent Forbes article pointed the finger at a different reason for the perceived gap between what employers want and what job seekers are able to bring to the table: an awareness gap. This gap is due to the widespread inability of college graduates to fully articulate the range of skills and experiences they developed during their time in college and through extracurricular experiences. Continue reading at SecurityIntelligence.com

Shared Responsibility in Cybersecurity

Sober strategic thought suggests that if you cannot immediately defeat and subdue an adversary through immediate and overwhelming strength, by using surprise, speed, and violence of action, your best course of action is to bleed your adversary, over time and through asymmetry, by attacking their strengths. In the case of the West, our strengths are two: the economy and our democratic institutions (the latter of which we will not discuss in depth in this piece, as we are primarily focusing on the private sector).

The safety of the Internet is at stake. A relatively obvious comment, but one which is neither unfounded, nor wrapped up in the auto-hysteria, as so many cybersecurity conversations are today. Why do we say this? A simple reason really: because the Internet is no longer used as it was originally designed – a benign information-sharing tool, used primarily for knowledge and research, by a select group of users. Today, but also arguably for the last 15 or so years, the Internet is a “wild west” with more and more actors entering it every day. The intent of these actors may be fairly obvious – we want to order something online and have it shipped to our door – or it may be shrouded in controversy and obfuscation, making attribution a seemingly impossible task.

Despite this environment, we still must go on about our daily lives, unless of course we are willing to change our daily lives, which would almost certainly result in a lower standard of living. Continue reading “Shared Responsibility in Cybersecurity”

Building a Cybersecurity Culture Around Layer 8

“Cybersecurity must accommodate and address the needs of people through process and cultural change.” — Gartner press release dated June 6, 2016

The term layer 8 is often used pejoratively by IT professionals to refer to employees’ lack of awareness and a weak overall cybersecurity culture. While organizations continue to purchase and deploy technical controls, not much has been done to focus on the human side of cybersecurity. Today, it is just as important to secure human assets — layer 8 — as it is to secure layers 1 through 7. Continue reading at SecurityIntelligence.com