Somewhere in the planning of the Security 500 Conference, I realized it would not be possible to turn the long list of security’s responsibilities from this year’s benchmark study into a readable slide. Nor was it prudent to punish our attendees with multiple lists of unmemorable threats and vulnerabilities. With more than 50 unique items in play, from managing investigations (97 percent) to overseeing insurance (15 percent), the business executives who manage risk and security for their enterprises all expressed this common theme:
Many organizations protect their cyber infrastructure by looking inward, focusing on their own networks and systems. They dedicate themselves to reducing the attack surface, assessing their vulnerabilities, and conducting system patching – all to continuously monitor their own networks.
And Duke’s security team assures it. “Thinking about the higher education and healthcare facilities at Duke, it is amazing what occurs on a given day. Students learn something that will change their life. Another person’s life will be saved at the hospital. A researcher will make a discovery that changes quality of life for others. There may be a wedding in the chapel. There is a high likelihood Duke will compete for or win a national sports championship. And we have celebrity speakers and lecturers visiting frequently. This is a very rewarding, exciting and dynamic environment,” Chief Dailey explains.
All $27,430,000,000,000 of it. That is $27 “Trillion” with a capital “T” of other people’s money under custody at State Street Corporation. Most of their customers, actually, are other financial institutions as well as institutional investors, and their brand and business rely on the continuous vigilance of their executive leaders, including Steve Baker, Vice President and Deputy CSO.
Last year, the Security 500 Report research identified the Risk-Nado facing security organizations. It pointed out how the global risk matrix, the role of security and the expected results were all expanding quickly. As a solution, we identified with the theme of the book (and movie) “Moneyball” and the application of quantifiable mathematics to predict how a player will do in a specific situation.
As your enterprise virtualizes and leverages cyber technology to speed productivity, the incidence of cybercrime will, of course, increase. Similarly, as your employees’ behavior, as consumers, drives the technology they use (BYOD), the cybercrime cat will continue to be let out of the bag.
Protecting and supporting stakeholders on a global scale through investments in security operations centers (SOCs), intelligence services and travel support companies has become a best practice for leading security programs.
Some businesses, such as airlines, have either suspended service or increased passenger screening in the area. British Airways suspended service to both Liberia and Sierra Leone. Air France and Brussels Airlines increased screening procedures and warned that service could be cut at any time.
For the next generation of enterprise security leaders, is there a clear path forward to success? Enterprise security leaders discuss mentorships, education, certifications and the skills new CSOs and CISOs will need to succeed in their evolving roles and bring value to the business. But the problem is: with existing security leadership roles varying so widely, is the development of a uniform skill set even possible?