No Place For Passivity in Cybersecurity Leadership (IBM Security Intelligence)


By and large, the news in 2017 was not good on the cybersecurity front. Whether you follow media headlines or industry studies, attacks are up, breaches are larger and threat actors are more sophisticated than ever. Unfortunately, many organizations fail to take basic precautions to mitigate these risks. As a result, breaches often go unreported, leaving millions of customers unaware that their personal data is exposed.

The technical challenges are growing, but technical solutions are also increasingly available. However, many of these tools go unused or unnoticed by organizations. The real issue here is cybersecurity leadership — or a lack thereof.

Staying Out of the Spotlight

CIO Insight detailed some of 2017’s most noteworthy breaches and the blunders that put those companies in a negative media spotlight. Failures at the leadership level included negligence in risk management and poor handling of incidents after they occurred. These lapses ran the gamut from embarrassing to infuriating.

For example, a cybersecurity consulting firm failed to implement basic protections on its network and took months to discover that its most confidential customer discussions were exposed. Similarly, a financial firm failed to notify millions of consumers that their data had been compromised and even endeavored to mislead them once the breach went public.