This year has already proved to be one where security procedures assume the utmost importance within an enterprise, catapulting the CISO's role to the forefront of the business.
As the economic malaise goes on and hacking technology becomes more sophisticated, threats to an enterprise's security will inevitably increase. Data loss is likely to be caused by insider carelessness just as in previous years, but in 2012 criminally motivated attacks have already approached new record levels, with businesses of all sizes coming under threat.
For example, earlier this year financial information was leaked through an aggressive attack on the Irish telco Eircom. The reason for all this is simple: the parlous state of the global economy.
The continuing series of unpredictable economic and political events across the economies of the US, Europe and Asia will result in sustained high levels of unemployment, further social unrest and, as in all recessions, increased crime – including cyber-based attacks.
Unfortunately, just as the worst economic conditions since the 1930s take hold, technology has made it easier than ever for would-be hackers and cyber criminals to get inside corporate systems and personal devices. Hacking kits are now easily available to download from the internet and banks are fast becoming one of the prime targets as phishing attacks increase and bogus banking sites are almost impossible to differentiate from the real thing.
The growth in mobile banking and the range of payment-equipped (NFC) mobile phones will also prove irresistible to cyber criminals as the year progresses.
These cyber criminals will also thrive on events such as the London Olympics, so the protection of intellectual property will become paramount. In short, enterprises must prepare to defend their infrastructure like never before.
Organisations need to adapt to this ever-changing landscape as CIOs are increasingly finding that security challenges go beyond traditional IT, into core business processes and right up to board level.
Change is happening faster and faster in 2012. Take consumerisation: hardly anybody had heard of it two years ago, and now it's one of the mega trends. You've also got consolidation, and the shift to the cloud is accelerating all the time.
The CISO must not take on the security threat alone, either as an individual within the company or as a company within the sector. You can build the safest wall around the business but if, for example, telecoms suppliers are not co-operating, the business is still vulnerable.
If customers are not installing anti-virus software, then they can still be hurt by all kinds of phishing and viruses. You can only solve this by working together with the government and other companies. Enterprises may embrace consumerisation in an enlightened way that is ahead of rivals, but they know they cannot take their eyes off the ball and that industry still needs to do more.
In order for CISOs to handle their remit effectively, HP would suggest that they aim to document and keep up to date all information security and privacy policies in order to reduce exposure to compliance and privacy risks.
We also recommend that CISOs should provide regular information security and privacy training. The weakest link in privacy compliance is people: informed and aware personnel are a countermeasure against security incidents.
Most of all, CISOs must understand their current risk position in order to set up the company security strategy; they need to understand which parts of the business and what information remains critical and when.
These are only preliminary measures but they will stand an enterprise in good stead to navigate turbulent security currents in the future and for the rest of 2012: the year of threats, the year of co-operation and the year the role of the CISO becomes paramount to survival and growth.
Andrzej Kawalec is global CTO at HP Enterprise Security Services