“Water is the most precious resource in the world. You can live without food for a while, you can live without electricity, you can live without transportation, you can live without internet (despite what my kids say), but you cannot live without clean water. And that’s what makes my position so challenging,” says Scott Starkey, Security Manager for Birmingham Water Works.
Security organizations both in the private and public sectors have made considerable progress in gaining stature. More and more senior security executives truly have a seat at the table today as a respected member of the C-suite. Many security executives regularly interface with the Board of Directors and maintain excellent relationships with board members. Security organizations still have a lot of room for improvement.
Not too long ago, security operations centers (SOCs) and the enterprise security executives and the staff who ran them were relegated to airless basement offices with little security equipment that did no more than monitor video and manage guards.
The increasing adoption of hybrid cloud – a mix of public cloud services and privately owned data centers, already in place for 70 percent of companies on a global level – is giving rise to new security challenges and prompting CISOs to adopt different technologies to fight zero-day exploits, advanced persistent threats, and other devastating types of cybercrime.
We are entering a period of time when we are going to see an uptick in the number of security threats, both physical and in cyberspace. There is an increasing global unrest. Over the past few months what we’ve seen electorally, in the U.S., but also in Europe and in other parts of the world, has been a manifestation of that.
Developing budgets that make sense, support the mission of the enterprise, are thoroughly justified and garner the support of the C-suite is a challenge that security executives have faced for ages. Why is this the case? Is it that the C-suite doesn’t recognize the importance and value that an effective security program provides to the enterprise? Is it because security executives have not done an effective job of developing and documenting the inherent value to the enterprise of an effective security program?
Ninety-four percent of large businesses in the U.S. have a cybersecurity policy, according to the 2017 Cybersecurity Survey by Clutch, and most of them have had a policy for more than three years. U.S. enterprises are more likely to have a cybersecurity policy than most global organizations (two-thirds of which lack a formal cybersecurity policy), and policies most commonly include required security software, backups, scam detection and security incident reporting protocols.
A breach results in loss of trust, proprietary information, trade secrets and consumer confidence. On the other hand, investing in cybersecurity and breach preparedness creates trust, boosts consumer confidence, and incites innovation – all generators of revenue.
There’s a shift taking place in the boardroom: With the recent high-profile cyberattacks like WannaCry and NotPetya, cybersecurity has been placed in the spotlight, making it a much more prominent topic than it was five years ago.
Every day we are updated about the latest cybersecurity breaches – whether it's Yahoo, Dropbox or LinkedIn, how many records have been stolen, or how much companies have paid in result from ransomware or financial fraud.