Illena Armstrong, editor-in-chief, SC Magazine
Illena Armstrong, editor-in-chief, SC Magazine

In this month's View from the Top feature, we get some insight into what a panel of 100 CEOs thinks about information security. What we found was that while many respondents are quite optimistic about information security risk planning, showing intentions to bolster their security practices in the next five years, they also seem to underestimate the IT security risks they face in a corporate world resting on a technological backbone.

Worth reviewing a little more, a majority of respondents don't have an official written information security policy, and 47 percent do not actively train employees on information security risks. After recently speaking with a CSO of a long-standing enterprise, I was troubled to find out that as the economy continues its downward spiral one of the first line items his company cut was IT security awareness training. Yet, given that social engineering, phishing and other end-user focused attacks are alive and kicking, it helps to address one of the more worrisome security problems with which he must struggle.

Another IT security leader at a large university just shared with me a phishing attack that is making the rounds in his college. Making requests of faculty, staff and students for webmail account information due to an impending website upgrade, the scam prompted some end-users to pass along their information to avoid any possible hiccups in service. He's now trying to determine the extent of the problem to ensure that no account holders gave up information that potentially could expose personally identifiable information. Meantime, he's sent out a note to all members of the college, explaining what to look for in official correspondence from university officials.

Although a few CEOs may indeed view some IT security practices as superfluous, the fact is there are fundamentals that just can't be underestimated. Policies, training and simple awareness campaigns that keep employees updated on risks and solutions can't be overlooked. Even if money's tight, these basics often can be executed inexpensively and can have a great effect on how employees think about IT security threats to corporate and their own personal information.

Speaking of employees, please help me to welcome our new Reporter Angela Moscaritolo. With a strong newspapering background, Angela's got a nose for industry news and is ready to hear from you.