Let us turn the clock back! The title CIO was first coined in 1980 by bank executive William Synott. According to him, “The job of chief information officer, equal in rank to chief executive and chief financial officers, does not exist today, but the CIO will identify, collect, and manage information as a resource, set corporate information policy, and affect all office and distributed systems.” Though the role of the CIO as Synott described it has come true to some extent, even to this day CIOs are not placed on an equal footing with CEOs or CFOs. However, times are changing, thanks to trends like mobility, cloud computing, software-defined data centers, the Internet of Things, and big data and analytics.
Many organizations are coming to realize the importance of this spoke in a company’s wheel and, as a corollary, the stature of this position is undergoing an interesting shift. Today’s companies require CIOs who have a thorough understanding of not just technology but also the company’s target audience, including customers, as well as its business operations and model. They need CIOs who can lead from the front and who can transform the Information Technology department from an entity that maintains the hardware and software into a highly valuable service provider driving business innovation. Innovation is the next frontier for all CIOs, and now is the time for the CIO to prepare and take action.
The past year was a year of tests as far as cyber security is concerned. Headlines were more often than not dominated by high-profile data breaches, including many that involved health insurance companies (e.g., Anthem and Premera) and one huge breach at an important federal government office (the Office of Personnel Management), where the confidential information of almost 22 million current and former federal employees was stolen, along with the biometric data of more than 5 million people.
Thus, the CIO’s role is becoming all the more critical. Globally, 91% of all healthcare organizations reported at least one data breach over the last two years. According to IBM and the Ponemon Institute, the average consolidated cost of a data breach is now nearly $3.8 million, an increase of 23 percent over 2013. As CIOs make their to-do lists for the coming year, they should also consider the list of what they shouldn't do when it comes to their cyber security strategies. Let us look at certain aspects that CIOs should absolutely consider this year.
- Don’t confuse cyber insurance with cyber security: Keeping a financial backup plan is indispensable when it comes to a business's most important assets. The market for cyber insurance is taking off as companies come to realize its significance. However, it should be kept in mind that cyber liability policies can't actually protect mission-critical data, and thus cyber insurance forms merely a small part of an organization's entire security strategy.
- Don’t refrain from educating your human resources about cyber security best practices: Employees are often the point of vulnerability in your cyber security infrastructure. Thus, businesses should make it a point to educate their staff on how best to use tools, email and the Internet so that they don’t compromise office networks. Conduct workshops and training sessions in which employees are told when it's okay to click on links in emails and which websites they can and can't visit. This will help curb the number of phishing scams and malware infiltrating company networks.
- Don’t pay ransom: In the very first place, don’t be a victim of ransomware. Educating employees and deploying proactive anti-ransomware solutions can solve this problem to a great extent. However, if such an unfortunate incident does happen, the incident response team must be ready for it; one part of that readiness is taking proper data backups in advance. This will ensure you don’t lose your critical data and don’t need to succumb to ransom pressure from the attacker.
Remember, when any customer pays ransom money to cyber criminals, it helps boost the cyber criminals' financial power to attack more such customers. As part of “corporate cyber-social responsibility”, this must be a strict “No”.
- Don’t neglect the company’s disaster response plan: Many organizations do not have a proper disaster response strategy in place, and many others have lackadaisically put together ineffective response plans that are of no use in times of need. This can lead to lethal issues down the line, especially considering that when a business goes offline for any amount of time, it costs a serious amount of money, which could cripple an entire company in one go. Breach response is more than just a reaction to an infiltration; it needs to be a legitimate course of action that an organization has developed and tested for times of crisis.
In 2016, CIOs should make sure their companies have a well-engineered disaster response plan in place. This includes creating a strategy and testing it out before a network breach actually occurs.
- Don’t compromise on the quality of your cyber security solution: This is first and foremost. It doesn't pay to invest in something that isn't going to do the job, especially when such an avalanche of business-relevant, mission-critical information is on the line. Companies cannot afford to integrate the wrong solution and pay a heavy price that can bring the entire organization down to its knees.
Cloud and mobile computing are pushing the IT landscape further away from the organization, and an emerging Internet of Things is expanding the surface area of a defensive front already riddled with gaps. Today’s cyber security trends are evolving at an overwhelming pace, but it’s not a lost cause. The enemy is not an invincible genius — he’s smart and organized, and the key to winning is simply to beat him at his own game.
Nilesh is the Country Manager, India and SAARC, Trend Micro.