by Maryfran Johnson

Storm Warnings

Oct 15, 2009
IT Strategy

Why Online Security Threats Matter

The dark side of cyberspace tends to sneak up on you. One minute you’re clicking away on a trusted website. The next minute, you’re staring at a flashing security warning, commanding the download of “virus protection software” that later turns out to be malware masquerading as an ad.

The problem for CIOs is that some cybercriminally inclined idiot is always thinking up something next. And they’re targeting the weakest link of all: your end-users.

Speaking on behalf of average users everywhere, let me remind you that we don’t know jack. When it comes to secure computing practices, most of us are worse than sheep (who at least can’t do their companies much harm online due to a lack of opposable thumbs).

Online security risks are, of course, a hardy perennial in the garden of CIO concerns. So why should you be more attentive to them now than, say, a year or two ago?

You’ll find some definitive answers to that in our cover story (“Why Security Matters Again”), which reports the results of this year’s Global Information Security survey. We conducted this survey jointly with PricewaterhouseCoopers and CSO magazine, gathering responses from 7,300 business and technology executives around the world.

One surprise was that even in the grip of a global recession, companies did not pare down security spending, although they are clearly outsourcing less and pulling certain protections back in-house. Another welcome surprise was the resurgence of CSO titles and IT security chief jobs. An overwhelming 85 percent of our survey-takers reported having a top security exec in position now—way up from last year’s 56 percent.

What wasn’t so surprising are the underlying reasons why security matters again: social networking and cloud computing, both set against a regulatory backdrop of increasing compliance mandates.

The perils that social networking sites pose to intellectual property are already much-discussed in the press and around the C-suite. But user education and training is lacking at most companies, our survey shows.

Top that concern off with the accelerating move toward outsourcing key IT assets to software-as-a-service vendors and cloud services providers, most of whom are feeling their way through a wildly uncertain market.

If you haven’t given security much attention lately, it’s time to shine a little light on the subject. Don’t let the darkness catch you unawares.

Do you Tweet? Follow me on Twitter @maryfranjohnson. Follow everything from CIO Magazine @CIOMagazine.