When Internet security takes a back seat

September 12, 2012/Terry Cutler/Comments Off on When Internet security takes a back seat
money_mag_cover_april_red terry cutler

front cover of money magazine When Internet security takes a back seatWhen Internet security takes a back seat

By Terry Cutler.

Why is it that those in charge of protecting the company’s security network, that database of sensitive customer data – bank cards, credit cards, bank accounts and personal information – don’t seem to spend the money to protect it? This is a question that is baffling to those in the data protection business, and may be more baffling in the years ahead.

CEOs and Chief Security Officers (CSO) do not always see eye-to-eye on this problem. The CEO is budgeting the overall books, while the CSO is focused on his task, and can only submit for his budget. This is understandable. However, a recent survey (http://www.cioinsight.com/c/a/Security/Information-Security-Views-of-CEOs-CISOs-Diverge-Sharply-418309/) released by Core Security which highlights and demonstrates this separation over the security stance of the same company who has the potential to drop a company in a “click”.

Staggering is the first word that comes to mind after a quick read of this benchmark. Only 15 percent of CEOs said they were very concerned about an attack on their network, and didn’t think their systems were under attack or even compromised. There is a large gap between CEO and CSO thinking.

Sixty percent of CSO’s reported being very concerned about attacks and reported their systems were already penetrated. Yet with all the breach threats filling the news, and the numbers in dollars lost rising with each attack, or even a threat, the report unearthed that 36 percent of CEOs don’t deem it necessary to get a security briefing from the member of their own security team. It is inevitable. With large customer databases becoming the norm with big companies, the norm for hackers is to go after the company. Decide this at the board level, or decide how to fix it later, of course at a loss of reputation and customers and millions.

It isn’t fashionable to call Internet security unimportant, yet CEO’s continue to scoff at filtering money in that direction. This is risk management of the grandest form. One breach can cost millions. As I have written in previous blogs, that extra money may go to training that one employee not to “click”, or maybe not?

It’s the CEO’s call.

 

Posted in

Terry Cutler

I’m Terry Cutler, the creator of Internet Safety University, an educational system helping to defend corporations and individuals against growing cyber threats. I’m a federal government-cleared cybersecurity expert (a Certified Ethical Hacker), and the founder of Cyology Labs, a first-line security defence firm headquartered in Montréal, Canada. In 2020, I wrote a bestselling book about the secrets of internet safety from the viewpoint of an ethical hacker. I’m a frequent contributor to National & Global media coverage about cyber-crime, spying, security failures, internet scams, and social network dangers families and individuals face daily.