Chief Security Officers from several top technology firms and government
agencies say computer worms, viruses and regulatory compliance are likely
to be the hot button issues that will keep them awake at night in 2005.
At the second CSO Interchange in New York this week, organized by
eBay CSO Howard Schmidt and Qualys CEO Philippe Courtot,
more than 85 CSOs exchanged ideas and concerns on a range of security issues
affecting their organizations.
From disaster recovery and regulatory compliance to the need for more
corporate investment in security, the forum provided executives from corporations,
government agencies and other enterprises the opportunity to share real-world
experiences with their peers, according to organizers.
During the one-day event, nearly 85 percent of the CSOs polled said their
organization’s security budgets had increased during the past years, but 61 percent
still say they are under-funded.
Nearly 70 percent said online fraud was a major concern facing their organizations,
yet only half felt their departments were sufficiently dealing with the increasing problem,
according to survey results released by CSO Interchange. Fifty-four percent had not
yet rolled out any kind of additional measure to avoid pervasive phishing scams.
Courtot, who co-founded the event with former White House advisor Schmidt, said the idea
was to put top executives making security decisions together with others from varying types
and sizes of organizations together.
“Today’s CSOs are facing similar obstacles and issues across varied industries and
businesses, and this provides an occasion for them to connect,” he said.
While CSOs often walk a tight line between the need to meet the bottom line and the need
for increased security to protect assets, the majority of those participating in yesterday’s
event believed that not enough is being done to protect against these threats.
“It doesn’t matter how much money you have; it is never enough,” Courtot said.
Courtot said corporate executives have increased their attention span in recent years
when it comes to security issues, especially during the days of the malicious viruses and
worms, even if the numbers produced at the forum don’t bear him out.
The large majority of executives also claimed legislation now has a big influence on
decision-making, and more than 80 percent said security was now a part of their company’s
Sarbanes-Oxley reporting.
“In most cases, the CSO is the individual responsible for bridging technical security
issues with bottom-line business challenges,” Jaime Chanaga, CSO of Geisinger Health System,
said in a statement. “Issues such as cyber attacks, online fraud and zero-day exploits
can have billion-dollar impacts and deserve the full attention of the organization.
“As CSOs, we need a direct link to our corporate boards and to each other to make more
informed decisions,” Chanaga continued. “Sharing information about security issues and openly discussing solutions
help us make more informed decisions that will better protect our organizations and customers we serve.”
Additional survey highlights include:
- Fifty-eight percent of CSOs rated worms, viruses, Trojan horses, and regulatory
compliance as their top security concerns; - Sixty-two percent of CSOs believe they do not get sufficient early warning for major
cyber attacks; - Sixty-nine percent said their jobs have become more difficult over the past year;
- Eighty percent of CSOs reported that cyber attacks had a bottom-line financial
impact on their organizations; - CSOs reported that 82 percent of their top executives are concerned about data
privacy.