Network World - U.S. Secretary of Defense Leon Panetta may be lying awake at night worrying about the threat of cyber warfare, but the typical CIO or CISO is thinking about much more mundane security threats. Wisegate, the online professional networking organization for IT and information security (infosec) professionals, has just released its report, Preparing for the Top IT Security Threats of 2013. The report reveals the typical infosec concerns that lead many CIOs' agendas for the year ahead, as well as the strategies that these leaders are using to reduce risk for their organizations.
The CIOs and CISOs who contributed their perspectives represent a wide range of businesses and agencies. Despite their diverse business interests, the executives agreed on one major threat area that concerns them all: BYOD. Most likely BYOD is on your list as well. Among their other major threat concerns are:
It's no surprise that BYOD leads the list of concerns. This practice opens up new areas that are unfamiliar to many IT departments. Everyone is struggling with the same issues and trying to answer the same questions. How can we prevent data theft, loss or leakage when employees are using their own consumer-oriented smartphones, tablets and applications? What rights do we have to lock down or wipe a device that is owned by a worker and not by the company? How can we ensure that workers keep malware off the devices they want to connect to the corporate network? How can we possibly support employees' devices that sport such a large variety of operating systems, applications, firmware and mobile carriers?
Wisegate members offer some of the strategies they are using to reduce the risk of BYOD. One way these infosec professionals are leading the way is through employee awareness of security issues and good practices. According to the report, workers understand why a company-owned laptop might need to be encrypted, but they don't understand why they can't have Angry Birds and a PCI-compliant application on the same iPad. It's incumbent on the IT department to create awareness, especially of "safe use" policies and procedures.
Another strategy to mitigate the risks introduced by BYOD is for the IT department and infosec professionals to be the "first adopters" of the technologies. The report offers this advice: By trying things before end users bring them into the work environment, IT can better understand the potential security threats as well as the support needs. More important, with a first adopter approach, the IT group becomes the real enablers of business units and their staff rather than being the gatekeepers -- or worse, the preventers.