6 Observations About Cybersecurity Based on Two New Surveys
In an increasingly connected world, public interest in cybersecurity issues is growing, and more research is being done in the field than before. Forbes contributor Gil Press breaks down the results of two recent cybersecurity studies – PwC’s survey (in partnership with CSO, the U.S. Secret Service and the Software Engineering Institute CERT® Division at Carnegie Mellon University) of more than 500 executives at U.S. businesses, law enforcement services and government agencies, and Dark Reading and Black Hat’s survey of 460 cybersecurity professionals. Press identifies six main takeaways: that cybersecurity is a fast-growing, but poorly understood, business risk; that organizations often neglect the required investment in people and processes regarding cybersecurity; that people are critical to cybersecurity and often overlooked; that cyber threats can exist both inside and outside organizations; that cybersecurity leaders understand the importance of their work to overall organizational health and strategy; and that cybersecurity “laggards” often don’t see the overarching importance of cybersecurity.
CISO Transitions: Experience Alone is Not Enough
The role of chief information security officer (CISO) has evolved as technology changes, and Deloitte’s recent CISO Transition Lab gained insight into some of the most pressing issues facing the role of CISO. The workshop, which revealed that the key barriers CISOs face are funding limitations, advancing sophistication of cyber attacks and insufficient governance and strategy, was designed to help cybersecurity executives successfully move into the CISO role. According to Deloitte, there are four main “jobs” within the CISO position: strategist, adviser, guardian and technologist. Government Technology staff writer Eyragon Eidam shares insights from cybersecurity experts and event attendees on the changing dynamics of the CISO role.
Banks and cybersecurity from a regulatory and a risk perspective
Closing a six-part series on privacy and security by the Data Privacy & Security Group of Quarles & Brady LLP, Stan Orszula discusses the constant cyber threats that banks and financial institutions face because of the valuable personal information they hold. Banks are spending more money and resources on cybersecurity, and boards and senior management are gaining interest in the area, which used to be more of an IT function. Orszula discusses the risk aspects of banks and financial institutions’ cybersecurity challenges, the legal and regulatory standards banks must meet, the implications of increased focus on third-party vendor management, cybersecurity insurance and board and senior management cybersecurity leadership.
Training tomorrow’s security talent
In a growing cyber threat environment, cybersecurity professionals are essential, and Cisco reported 1 million unfilled cybersecurity jobs last year, facts that point to a need to train young talent and further develop ways for young people to enter the cybersecurity workforce. Monster and the Center for Internet Security have partnered to bridge the supply and demand gap in the cybersecurity field. CSO’s Kacy Zurkus interviews cybersecurity experts on the need to fill the demand for cyber talent and what organizations are doing to train and prepare young people for cybersecurity careers.
Cybersecurity boot camp draws congressional staffers to Stanford
Thirty Capitol Hill staffers recently attended the Congressional Cyber Bootcamp, a three-day intensive cybersecurity training session at Stanford University. Security experts and representatives from companies such as LinkedIn, Intel, Uber and FireEye discussed the complex threat landscape, recent global cyber attacks and the cybersecurity implications of the increasingly connected Internet of Things. The training was designed to give congressional staff an immersion in the complex world of cybersecurity.
Do CIOs and CISOs Get Covered in Cybersecurity Litigation?
Businesses often handle sensitive information about customers, employees and intellectual property, and as a result they should always be concerned about cybersecurity. As data breaches grow in number and scale, companies should be prepared to address lawsuits and liability issues in the event of attack. According to lawyers and cybersecurity experts Daniel Garrie and Yoav M. Griver, CIOs and CISOs are “natural targets of post-breach lawsuits” and should “expect to be sued in increasing numbers.” Since executives cannot avoid being sued, Garrie and Griver say that they should work to avoid being judged liable in the event of lawsuits by taking precautionary measures. The measures they suggest that each executive take include taking an active role in evaluating company cybersecurity measures, creating interdisciplinary teams of in-house technical, business and legal stakeholders and outside counsel, and reviewing company insurance policies to determine if the company is covered for lawsuits filed directly against the CIO and other executives.