Get this: 90 percent of computer security professionals have detected security breaches at their organizations, according to a recent survey by the Computer Security Institute. But only 26 percent of attendees at the recent CIO-100 conference (CIOs and other top executives) said their company had ever been hacked. “These people are being hacked; they just don’t know it,” says David Cooper, CIO at Lawrence Livermore National Laboratory, featured in Tom Field’s “Protection Money,” beginning on Page 172. Clearly there’s a disconnect between CIOs and their security staffs.

Such ignorance might explain the perplexing lack of interest in a last-minute addition to the CIO-100 agenda on security: a presentation by John Tritak, director of the Critical Infrastructure Assurance Office at the U.S. Department of Commerce, followed by a panel of security experts and security-minded CIOs.

Tritak represents the federal government’s concern for protecting our information infrastructure. But as 90 percent of this infrastructure is in private hands, he says, the government needs to build partnerships with the private sector. So far, it seems, private industry hasn’t been all that receptive, and Tritak issued a warning should that persist. “If companies are not viewed as proactive and something catastrophic should take place, it could have a negative impact on private industry,” he said in an understated but clear threat of government intervention.

If you don’t think security threats are widespread, consider this: An executive from an online business who attended the security session told panelists that 30 minutes after they brought their site up, it was being hit by hackers. “I’m surprised it took them that long,” said one of the panelists, Mudge, vice president of research and development at @stake. (To hear him talk, the electronic world is like the Amazon river during a drought, filled with ravenous piranha just waiting for the next dumb cow to venture into the water.)

Here are some take-aways from the security sessions:

- The Internet and increasingly integrated value chains are driving us to constantly extend our trust boundaries.
- You can’t protect everything, so figure out what your crown jewels are–the critical assets you’re trying to protect–then build your moats around those.
- It’s the interaction of all your systems that defines the security of your business, not some piece of software or a firewall.
- Don’t try to make a case for security measures in a vacuum; rather, build the business case for what needs to be protected and tie the need for security measures to that.

And my own tip: Bridge the gap between you and the techies manning the corporate battlements now–or be willing to pay Tritak’s price in the future.