Richard Clarke offered his views at our recent SC Forum on why cybercriminals and virtual insecurities still plague companies. He noted that no calamitous national cybersecurity event has awakened the masses, private data continues to be pinched, potential online shoppers fear ID theft, companies still opt to "buy crummy products," homogenous infrastructures dominate, research and development efforts are too few and CEOs fail to understand the need for IT security because cisos continue failing at helping them better their understanding. The government, too, is shirking its responsibilities regarding cyberspace because no high-ranking champion is in place.
It's a gloomy picture. however, positive changes have come during these last five years. After all it was only a few years back when many folks hadn't even heard of a VPN, for instance. Now, many use them. And let's not forget that cisos, csos and other practitioners dedicated specifically to securing IT infrastructures have cropped up among the rank and file, revealing information security's importance in the corporate world. Plus, that patchwork legislation and the many ID theft incidents that have gone public because of it has propelled federal legislators to push proposed laws that can be likened to California's SB 1386.
While some might argue that these counterpoints are a bit shallow and too few, they are indicators of progress. The battle for IT security resources, staff and dollars rages every day, but it is getting better. Slowly but surely companies are trying to get a handle on their IT security postures -- and, even if that means finally adopting one, it's still progress.
As we close another year, my hope is that when Richard Clarke joins us at another of our events, there actually will be a few comments he can make on why cyber-related vulnerabilities and attacks are being better handled by vendors, private organizations, government and individuals alike.