Fraud, Feds top concerns as CSOs meet in New York

IDG News Service - NEW YORK -- The explosive growth in online fraud and the impact of tough new federal regulations were on the minds of information security executives who gathered in New York this week for the second annual CSO Interchange, a gathering of chief security officers.
Regulatory compliance was the top concern among conference participants, followed by the threats posed by computer worms, viruses and Trojan horse programs, which executives said were having a financial impact on their companies, according to the results of a survey conducted at the show.
Howard Schmidt, the former White House cybersecurity adviser, started CSO Interchange and security company Qualys Inc. sponsored the conference Tuesday. The event brought together more than 85 information security experts from a variety of fields, including financial services, health care, technology and government.
In roundtable discussions, security executives discussed a wide range of topics, including threats posed by the spread of wireless technology and by attacks that use previously unknown, or "zero day" software vulnerabilities.
Thirty percent of those surveyed at the show said that complying with regulations was their top security issue. Twenty-eight percent listed worms, viruses and Trojan horses as the most important issue, followed by end-user sloppiness, which 10% of those polled said was their No. 1 security matter.
Eighty percent of those surveyed said that cyberattacks had a bottom-line financial impact on their organizations, though most, 62%, said that impact was less than $50,000 a year.
Online fraud was also on the minds of those present at the event. Sixty-nine percent said they were concerned or very concerned about the problem.
The growth in online threats, including online identity theft attacks known as "phishing scams," in the last year demonstrates the need for organizations to have comprehensive security plans in place, said Rich Baich, chief information security officer at ChoicePoint Inc., which makes identification and credential verification systems.
As IT security issues take on more importance, the profile of CSOs is also rising, according to attendees. Almost 70% of those polled at the show said that they report directly to their company's CEO or CIO, according to the survey.
While moving into executive ranks, however, CSOs face challenges.
Sixty-nine percent said their job became harder or "significantly harder" in the last year, with many of those polled reporting stagnant hiring and budgets for IT security.
Even when companies can take on more IT security staff, more than 60% said that they had difficulty finding skilled candidates, according to the survey.
CSOs also face organizational challenges, as they shiftfrom a "necessary evil" to an integral part of the executive team at many organizations, Schmidt said.
Among other things, CSOs need to pass off more routine IT security tasks, such as antivirus technology management and security audits, to traditional IT staff, he said.
To make comprehensive plans work in large organizations, CSOs have to learn how to get other executives to sign on to the plans, and translate security issues into terms that other business executives can understand, such as creating value for companies and getting a return on investments in security technology, ChoicePoint's Baich said.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.