Worms, viruses and Trojan horses will remain a top security concern for the coming year, according to executives attending the CSO Interchange forum in New York earlier this week.
CSO Interchange was founded earlier this year by Howard Schmidt, eBay Inc.’s chief information security officer (CISO), and Philippe Courtot, CEO of managed service provider Qualys Inc. It provides an invitation-only venue for senior IT executives to discuss security-related issues.
A poll of the 85 executives who attended the forum revealed that malware and regulations continue to be top-of-mind issues for CSOs, Courtot said. Almost 60 per cent of the attendees rated those two areas as their top concerns from a list that included other security issues such as phishing, spyware, identity theft, wireless security and cyberterrorism.
Much of the concern stems from the growing sophistication of cyberattacks and the multitude of ways in which they are being launched, said Jaime Chanaga, CISO at Geisinger Health System in Danville, Pa.
“There are so many entry points on today’s network, whether it is e-mail or FTP or Web services or wireless,” said Chanaga said. “So we’ve got to have defenses at different layers that are much more comprehensive” than simply deploying antivirus software.
There is also a need for a better advance-warning system for cyberattacks and for more information about vulnerabilities, according to many CSOs. More than 60 per cent of those polled at this week’s event said they don’t get sufficient early warnings about major cyberattacks.
The multitude of sources that purvey attack information and the highly nonstandard manner in which such information is available makes it challenging for companies to mount an effective response, said Christofer Hoff, director of enterprise security services at Western Corporate Federal Credit Union in San Dimas, Calif.
For instance, there’s no standardization in the way application software and operating system vendors release vulnerability and patch information, Hoff said.
“There really needs to be some sort of a more collaborative way of distributing such information” that involves both industry members and the government, Chanaga said.
The heavy focus on operational and tactical issues by CSOs at the New York event comes amid a growing realization of the need for security managers to take a more strategic focus. What this shows is that “you can’t really separate the operational issues from the business issues,” Courtot said. “You cannot be really strategic until you have enough of your bases covered and have a real way of ensuring that you have (taken) all the precautions you need.”
The poll of CSOs also showed that nearly 70 per cent of them are concerned about online fraud at their organizations, though less than half said they feel they are doing everything they can to stop it. More than 60 per cent also said their security budgets have increased over the past year, although 84 per cent feel that their security programs remain underfunded.