Just today, a stranger came to my door claiming he was here to unclog a bathroom drain. I let him into my house without verifying his identity, and not only did he repair the drain, he also took off his shoes so he wouldn’t track mud on my floors. When he was done, I gave him a piece of paper that asked my bank to give him some money. He accepted it without a second glance.
While the Security 500 may have CSOs, CISOs and CIOs leveraging state-of-the-art technology to prevent cybercrime, the real arms race is upon the Security 50,000 (small and medium businesses, or SMBs). And while the large organizations, if impacted, will have sway with their banks and be made whole, the SMBs are more likely to end up the victim of crime, often without recourse.
The 2011 Security 500 survey conducted last spring identified that only 19 percent of Security 500 CSOs manage cyber security at their organizations. By the November 2011 Security 500 conference, we had an overwhelming request among attendees for cyber security sessions.
During the past year I have had the wonderful opportunity to meet and interview the best and brightest CSOs. Each was asked what every CEO should understand about security. Their ideas, advice and wisdom are shared with you in this month’s column. What should your CEO know? Share it with us at email@example.com
Security leadership and value are being tied directly to business unit and organizational goals as the best measure of security's contribution, so directly that business unit leaders are paying for risk management and security as a direct service versus an allocation. Further, these internal customers view security as a consultancy, and they routinely seek its advice to understand and manage risks, enabling them to reach their objectives. The transparency of this relationship allows the business unit to identify security’s value to achieving its goals, resulting in increased reliance, use and spending with security.
Witness, if you will, 50 years of security art and science collapsed into the post-9/11 decade. When the dot-com era burst, many venture dollars were looking for a place to work. 9/11, sadly, happened and was followed by many changes, including the creation of DHS and the promises to “inspect every bag at airports,” which led to the venture capital and curious question: Inspect them with what? The need rose, the money poured in. Innovation followed.
During the many conversations we have during the Security 500 research survey and interview process, one trend we do not include in the findings is how busy you are keeping your heads above water. A consequence of being more than fully employed is that many readers tell me that staying current with new trends, technologies and best practices is a constant challenge.
“When I was growing up in New Jersey, going to the World Trade Center was a school trip,” I said to Lou Barani. “And it will be again,” he replied with enthusiasm and a smile as we walked through the 9/11 Museum, which is in the midst of construction and scheduled to open in 2012. Once it’s complete, expectations are for more than 1,500 visitors each hour.
During the recent federal government budget debates, the “peace dividend” of the 1990s was mentioned a few times. Does the U.S. get a “war dividend” in the risk/reward decision of business location and expansion?
Will the next budget go-around cloud your executive career aspirations? Think ahead to this fall, when you are at the round table patiently waiting your turn to present your strategy, plan and budget, including your CapEx request. Surely, you have worked hard on the budget this year. Zero-based it? Completed risk assessments? Tied the security processes to measurable business benefits?