Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

CIOs seek cybersecurity solutions, bigger voice in C-suite

Kenneth Corbin | June 29, 2015
Tech chiefs come together to sift through security issues, ranging from cybersecurity to budgets to CISO roles.

cybersecurity ts

Issues like cybersecurity might keep CIOs up at night, but in Northern New Jersey, at least they know they're not alone.

Mark Sander co-founded the North Jersey CIO Roundtable under the aegis of that state's chapter of the Society for Information Management, aiming to bring together tech leaders in a series of meet-ups pegged around issues like security and the role of the CIO in the C-suite.

"There's a great exchange of information," Sander says of the meetings.

"It's lonely as the CIO," he adds. "It's nice to talk to your peers and learn from them."

Sander explains that he initiated the roundtable sessions in a bid to engage CIOs from larger firms in the region just outside New York City, offering a venue free from the distractions that too often arise at industry events billed as networking opportunities.

"Some of the reasons these big CIOs don't come to general meetings is they don't want to be attacked by every manager and director looking for a job," he says.

Earlier this month, Sander convened a roundtable to focus on security issues, arranging for guest speakers from the FBI and a prosecutor with the U.S. Attorney's office in New Jersey specializing in cybercrimes.

With no cameras rolling, those officials offered a frank assessment of the challenges stemming from the mounting cyberthreats, which Sander places in two broad categories: those from hackers motivated by a political cause and those seeking financial gain.

Those groupings are of course filled with considerable nuance, but in broad strokes firms are very much struggling to fortify themselves against cyberthreats.

CIOs and CISOs need broader reach in organization to battle cyberthreats

Part of the challenge is organizational, Sander argues. He believes that a firm's top security official needs a broader reach than is typically afforded within the tech division. Better than reporting directly to the CIO, he says, the CISO would be accountable to the internal audit unit or audit committee, or, potentially, even the CEO.

Many CIOs at the roundtable disagreed, arguing that the CISO should remain within IT, Sander admits. But while he doesn't discount the nexus between security and tech, he contends that security must be an enterprise-wide priority.

"For a CISO to be impactful today, they're going to have to influence things outside IT," he says. "Security's going beyond just passwords, firewalls and all the techy stuff."

Though passwords might be a sensible place to start. Sander, who has held CIO and senior tech positions at a variety of firms, talks of the lax cyber hygiene in many enterprises -- where employees' passwords might be found scrawled on notes under the desk blotter or on Post-Its stuck to the monitor.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.