January 3, 2018 By Rick M Robinson 2 min read

By and large, the news in 2017 was not good on the cybersecurity front. Whether you follow media headlines or industry studies, attacks are up, breaches are larger and threat actors are more sophisticated than ever. Unfortunately, many organizations fail to take basic precautions to mitigate these risks. As a result, breaches often go unreported, leaving millions of customers unaware that their personal data is exposed.

The technical challenges are growing, but technical solutions are also increasingly available. However, many of these tools go unused or unnoticed by organizations. The real issue here is cybersecurity leadership — or a lack thereof.

Staying Out of the Spotlight

CIO Insight detailed some of 2017’s most noteworthy breaches and the blunders that put those companies in a negative media spotlight. Failures at the leadership level included negligence in risk management and poor handling of incidents after they occurred. These lapses ran the gamut from embarrassing to infuriating.

For example, a cybersecurity consulting firm failed to implement basic protections on its network and took months to discover that its most confidential customer discussions were exposed. Similarly, a financial firm failed to notify millions of consumers that their data had been compromised and even endeavored to mislead them once the breach went public.

Study results may not be quite as vivid, but they are just as alarming. According to the Identity Theft Resource Center (ITRC), the total number of breaches rose 40 percent in 2016, and a midyear report by the same firm predicted another 37 percent jump by the end of 2017. Furthermore, a recent Ponemon study revealed that 56 percent of companies experienced a breach due to third-party error last year, a 7 percent increase over 2016.

At least we can conclude that false confidence is not the problem. Only 17 percent of respondents to the Ponemon survey said their organizations were effective in minimizing third-party risk, down from 22 percent a year ago. In addition, only 35 percent said they expected their third-party partners to promptly notify them of a breach. When it comes to fourth parties and beyond, that number fell to just 11 percent.

The Cybersecurity Leadership Deficit

All of these failures, CIO Insight noted, point to “a completely broken mindset and haphazard approach” to cybersecurity. This attitude is shaped from the top, if only passively, through inaction. As such, it can only be changed from the top. That’s why security leaders must help executives understand the organization’s risk posture from both a security standpoint and a business perspective. For their part, top leadership must become more involved in cybersecurity initiatives and budget accordingly.

The essential element of leadership is not in the particulars, but in active engagement with security challenges. Attackers are out there, but effective defense measures are available to help organizations protect their most sensitive data. Cybersecurity leadership consists of recognizing the dangers and taking them on, not reacting with passivity and evading responsibility.
