CIOs plan to devote more resources to cybersecurity efforts, including security awareness training, in 2015.
2014 was not a great year for corporate cybersecurity. Last year saw many, many data breaches, affecting organizations of all sizes and every sector. Sony Pictures Entertainment’s hack, which took the form of a massive leak of private emails, probably received the greatest amount of attention, thanks largely to the high-profile celebrities and industry gossip involved. But while this was embarrassing, the Sony breach was dwarfed in scope by attacks on eBay, which exposed 145 million users’ personal information, and Home Depot, which led to the theft of 56 million credit card numbers and 53 million email addresses.
With these and countless other cybersecurity incidents now in the rearview mirror, many CIOs are determined to deliver a better performance in 2015. To this end, CIOs plan to devote more resources to cybersecurity efforts, including security awareness training, as TechTarget recently reported.
A renewed focus on security
As the news source noted, there were 783 reported data breaches in 2014, according to the Identity Theft Resource Center. This represents a 27.5 percent increase relative to 2013. CIOs are well aware of this upward trend and realize that new, improved strategies are necessary to keep their companies safe.
“When it comes to security and data integrity, there’s a much more heightened sense of concern today, not just because of the number of breaches, but because of the sophistication we’re seeing with some of these attacks lately,” Don Baker, CIO of a New York-based advertising services firm, told TechTarget.
This feeling is nearly universal among corporate IT security professionals. A recent survey from EiQ Networks of nearly 150 IT decision-makers from a range of industries found that almost 90 percent fear their companies will experience a data breach in 2015. Only 15 percent of respondents said they see themselves as “well prepared” for the threat of a data breach, with the same percentage indicating they were ready for the possibility of a cyberattack.
New efforts needed
These are discouraging numbers. Clearly, last year’s wave of data breaches has shaken IT security experts’ faith in companies’ defensive measures. However, there is a silver lining here, as recent cyberattacks are now acting as a wake-up call for CIOs and other IT leaders. These professionals now widely acknowledge the need for improved efforts which, if enacted, should serve to better protect companies from these threats.
“With the severity of today’s threat environment and impact on all areas of the business, IT pros are looking beyond basic compliance and beginning to focus on security best practices to get out in front,” said Brian Mehlman, vice president of product management for EiQ Networks.
Speaking to TechTarget, Baker agreed.
“You can’t assume what you have been doing year to year for however long is sufficient in the world we live in today,” he said, according to the news source.
The role of training
The question, then, is what new strategies CIOs should embrace to revitalize their corporate cybersecurity posture.
As TechTarget reported, security awareness training will likely play a major role in this area. After all, many of 2014’s data breaches were not executed solely through the efforts of sophisticated hackers. Rather, in many cases, employee oversights created openings that opportunistic cybercriminals took advantage of.
Simple precautions can have a tremendous impact on shoring up a company’s cyberdefenses. These include exercising caution when opening email attachments or clicking on website links. By ensuring employees understand the cyberthreats they face on a day-to-day basis, organizations can greatly reduce user-related incidents, thus freeing resources to tackle external attacks.