Hackers erode job security for tech execs

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.journalgazette.net/article/20140310/BIZ/303109992/1031

Hackers are putting top technology executives under pressure. And last
week's sudden departure of Target's chief information officer in the wake
of the company's massive pre-Christmas data breach has only ratcheted up
the stress.

Years ago, the job of a CIO focused mainly on the upkeep of computer
systems. In their largely behind-the-scenes roles, most of their major
decisions centered on the kinds of technological innovations a company
would adopt, when and how much to pay for systems upgrades, and the
creation and maintenance of company websites.

But the rise of computer crime in recent years changed the job description.
At the same time, the surging use of personal smartphones and tablets in
business settings has given CIOs even more technology to manage, along with
countless new points of entry hackers can try to use to breach their
systems.

As a result, CIOs have their hands full and a much more high-profile role
than ever before.

Target Corp.'s breach sent shockwaves through the profession. And CIOs from
companies in all varied industries are using the breach as a rallying point
to call attention to their struggle and garner additional funds and
manpower to fight digital threats.

Cyberattacks were on the rise long before Target's news that hackers had
stolen 40 million debit and credit card numbers, along with the personal
information of as many as 70,000 people.

A 2013 Hewlett-Packard Co.-sponsored study by the Ponemon Institute found
that the average annual cost of cybercrime incurred by a benchmark sample
of U.S. organizations was $11.6 million per organization, a 26 percent
increase from the previous year.

For numerous companies, the Target breach was a pivotal event that
permanently altered the way they approach data security.

Many CIOs say they're receiving more support, but they say the trade-off is
that they're facing increased scrutiny from their CEOs and other
executives. If their fortress walls fall to hackers, their jobs will be on
the line.

Ken Grady, CIO of life sciences company New England BioLabs Inc., says the
increased attention to data security has prompted much-needed support from
colleagues. But that backing comes at a cost.

"If I have a breach in spite of all that, I need to be able to say that we
did everything we could to prevent it," Grady says. "If I can't do that,
then it would have a negative effect on me."

Analysts believe the Target data theft couldn't have had a positive effect
on Beth Jacob, who had served as the company's CIO since 2008. Target said
last week that Jacob's resignation was her decision, but analysts say Jacob
took the fall amid a slew of bad publicity for the Minneapolis-based
company.

Target is in the midst of overhauling its information and compliance
division and plans to look outside the company for a chief information
security officer and a chief compliance officer, two newly created
positions.

Tim Scannell, director of strategic content for the CIO Executive Council,
a professional trade group, says companies have come to realize the
importance of security. The result: boosted budgets and staffing increases.

"I think CIOs are getting more respect," Scannell says. "They're winning a
seat at the table. But along with that, we have a heightened security risk,
so they're under pressure to do something about it."

Meanwhile, the number of potential ways to breach any given computer system
has soared in recent years with the rise of smartphones and tablets, which
along with home computers are used to remotely access company systems.

Daniel Ives, an analyst for FBR Capital Markets, says that while retailers,
financial and health care companies have the most to lose in the event of a
cyberattack, any company that so much as uses mobile phones or puts
customer data on their networks is also at risk.

"Getting on the cover of The Wall Street Journal in some cyberattack is a
CIO's worst nightmare," he says. "They're the bodyguard and the linchpins
of the companies they work for more today than ever before, because of the
amount of data that's out there."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!