Content

Pondering IT security basics

In this month's View from the Top feature, we get some insight into what a panel of 100 CEOs thinks about information security. What we found was that while many respondents are quite optimistic about information security risk planning, showing intentions to bolster their security practices in the next five years, they also seem to underestimate the IT security risks they face in a corporate world resting on a technological backbone.

Worth reviewing a little more, a majority of respondents don't have an official written information security policy, and 47 percent do not actively train employees on information security risks. After recently speaking with a CSO of a long-standing enterprise, I was troubled to find out that as the economy continues its downward spiral one of the first line items his company cut was IT security awareness training. Yet, given that social engineering, phishing and other end-user focused attacks are alive and kicking, it helps to address one of the more worrisome security problems with which he must struggle.

Another IT security leader at a large university just shared with me a phishing attack that is making the rounds in his college. Making requests of faculty, staff and students for webmail account information due to an impending website upgrade, the scam prompted some end-users to pass along their information to avoid any possible hiccups in service. He's now trying to determine the extent of the problem to ensure that no account holders gave up information that potentially could expose personally identifiable information. Meantime, he's sent out a note to all members of the college, explaining what to look for in official correspondence from university officials.

Although a few CEOs may indeed view some IT security practices as superfluous, the fact is there are fundamentals that just can't be underestimated. Policies, training and simple awareness campaigns that keep employees updated on risks and solutions can't be overlooked. Even if money's tight, these basics often can be executed inexpensively and can have a great effect on how employees think about IT security threats to corporate and their own personal information.

Speaking of employees, please help me to welcome our new Reporter Angela Moscaritolo. With a strong newspapering background, Angela's got a nose for industry news and is ready to hear from you.

 

 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.