Credit: Richard Borge
It's almost a given that Redden, chief security officer at Brazos Higher Education Service, a Waco, Texas-based company that services billions of dollars in student loans, will be summoned to brief his worried board of directors.
Redden says he lays the groundwork for such command performances by proactively communicating with the board on an ongoing basis to keep them up to date on everything that IT is doing to protect the enterprise and how his team is preparing for the inevitable.
Even then, "I wouldn't be foolish enough to say I stay ahead of the bad guys," says Redden. "The bad guys stay ahead of everybody."
That observation is likely the reason why 50% of the 182 IT professionals who participated in Computerworld's Forecast 2016 survey said they plan to increase spending on security technologies in the next 12 months.
"When you look at the amount of money big organizations [spend] to prevent breaches and they still get breached, you've got to assume you'll be attacked too," says Dale Denham, CIO at Lewiston, Maine-based Geiger, a $150 million distributor of promotional products. "You have to have a plan in place."
Attackers are getting more numerous, better organized and more powerful. And the number of entry points they can use to access vulnerable networks is rising exponentially as televisions, printers, cameras and even cars are IP-enabled. Gartner estimates that the number of connected things in use will hit 4.9 billion by the end of this year, up 30% from 2014, and will reach 25 billion by 2020.
One recent example of the ever-evolving kinds of security threats enterprises are facing is a piece of persistent malware dubbed SYNful Knock that was discovered last September on Cisco routers.
"It's the first time anything has been publicly disclosed about an exploit of Cisco routing and switching equipment," says Darren Van Booven, cybersecurity officer for the Idaho National Laboratory in Idaho Falls. "It's a great example of the kind of threats organizations now have to mitigate. They require constant changes in our strategy."
John Nai, CISO at PayPal, says in 2016 he'll pay close attention to "infrastructure hygiene," which, he says, "is super important to us." Beyond that, Nai says he believes in keeping a firm eye on the basics. "A lot of companies focus on advanced capabilities," he notes, "but you really need to be brilliant at the basics: Make sure you're patching your infrastructure, patching your desktops and have the right operational capabilities to see what's going on in your network."