*Entrepreneur: While Wayfair is no startup at 3,000 employees, he said as CIO he needs to think like an entrepreneur and make changes to strategy on the fly. Wayfair currently is in the midst of a big global expansion, and while it looked to hold the line on hiring after going public last year , it now realizes it needs to hire hundreds of people to empower the company to realize its potential internationally.
MAKING ARBELLA LESS VULNERABLE
As Wood alluded to, a big part of his job is supporting IT security staff in light of malware's pervasiveness. In a separate talk at IT Roadmap, Arbella Insurance Group VP and CIO Paul Brady zeroed in on "Security: The Changing Risk Landscape." The topic has certainly gotten the attention of Arbella's board of directors, which wants to know what Brady's team is doing to make the $850 million property and casualty insurer less vulnerable to cyberthreats.
[As an aside, Brady shared an almost-obligatory story about how his last name was used to tease attendees at a company event held at Gillette Stadium, home of the Super Bowl champion New England Patriots and quarterback Tom Brady. While attendees were disappointed the Arbella executive wasn't that Brady, he did get a $250 Brady shirt from the Pro Shop out of the caper.]
One big and unpopular move Brady said his team took in the wake of a few minor but potentially serious ransomware hits on the company in which computer and network drives were encrypted was to ban employees from using personal email accounts on the corporate network (they can still access such accounts via mobile devices). Even though antivirus and spam filter technology was updated to address the immediate threat, after some data restorations from tape had to be employed, the company knew that new variations of the threats would be on the way shortly.
"We haven't had any major exploits, but the security team has gone from percentages of jobs to multiple people trying to stay ahead of whatever is coming next," he said.
Brady added that Arbella is working to be proactive about sniffing out potential security threats via less obvious sources, from Reddit to vendors that prowl the darknet. Executives weren't happy that they didn't first hear about the Heartbleed Bug last year from Arbella's security vendors, but rather from the press.
Brady said that just because his company isn't as big as organizations like Target and Home Depot that have been hit with high-profile cyberattacks doesn't mean his team can rest easy. "The reality is that whatever vulnerabilities are exploited have the same risk to us," he said.
Sign up for CIO Asia eNewsletters.