But Kail, who was Yahoo's CIO when the first hack purportedly tool place, says that companies must integrate such tools with technologies and business processes for validating user authentication and authorization. He says that such a solution could leverage blockchain, the digital ledger software that ensures trust between parties exchanging cryptocurrencies such as Bitcoin, will emerge in 2017.
Boards free up budget but expect proof of protection
It’s no secret that boards are loosening the purse strings for cybersecurity but CIOs will continue to struggle to balance their cyber investments against managing risks to their businesses. Put another way: The choice between what to buy, implement and tune first -- the shiny new behavioral analytics platform or the latest and greatest business email compromise stopper -- poses prioritization challenges many CIOs aren't accustomed to in this age of cyber warfare.
Worrall says that even if their boards allocate more funds for cybersecurity, CIOs need to beware of budget abuse. Those who take the “sky is falling” approach become chicken little, he says. One advantage Worrall has working for a networking technology company is that his tech savvy board grasps the intricacies of cyber defense.
"I can have a conversation about risks at a technical level many of my CIOs peers can’t at other organizations," Worrall says. He says he is fortunate that he can discuss business risks with his board that focus on mitigating risks to the point of immateriality rather than the cost of cyber tools.
Evidence that boards have become more attuned to cyber risk has materialized in executive recruitment, where companies are looking for savvy leaders who can articulate security risks in a way that business leaders can easily grasp.
Gerry McNamara, global managing director of the information officers practice at executive recruiter Korn/Ferry International, says that his corporate boards are interested in finding CIO and CISOs candidates who can help accelerate their businesses’ cyber profiles relative to their peers.
“The boards are really engaged in digital and cyber right now, asking: Where are we on cyber? Are we protected? Are we keeping our information private? How do you know that it is? Prove to me that it is,” McNamara says. “We have a lot of work going on in cyber mapping of talent.”
Unfortunately, even the best talent and the latest technologies aren’t enough in an era when politicians such as John Podesta and the other folks at DNC as well as top executives can be duped to click on a malicious email whose origin and content appear innocuous, or a user puts the wrong USB into their PC.
“What we’ve all learned unfortunately is that humans are the weakest link in security,” Worrall says. “You can put up the biggest castle wall but as soon as one person connects an infected laptop to the network, it’s game over.”
Sign up for Computerworld eNewsletters.