Too often, IT and business leaders opt for performance over protection and convenience over diligence, which creates serious security issues.
These days, there's a certain Alfred E. Neuman (“What, me worry?”) element to enterprise security. For those who aren't familiar with the concept, nothing ever seemed to fluster the odd and entirely disturbing character from Mad magazine.
Unfortunately, most enterprises and many of their leaders seem to live in a permanent state of Neumanistic thinking. For every business that takes security seriously, a dozen others seem to be asleep or oblivious to the real world of cyber-security threats and breaches. Can you say Target, Home Depot, TJ Maxx, Michaels Stores, Nasdaq, Neiman Marcus, Sony Pictures, and Zappos?
Wait, I'm forgetting about 293 others since the beginning of 2014.
Survey after survey shows that CIOs and other business and IT leaders aren't doing the right things, or can't focus on the right things. Too often, they're opting for performance over protection and convenience over diligence.
Fortunately, we may finally be hitting the tipping point. The dizzying array of breaches and breakdowns seems to be registering with the public. According to an October PwC report (“The CMO's Role in Privacy: Are Your Marketing Programs Affecting your Brand?”), 89 percent of consumers say they now avoid companies they think don't protect their privacy online.
Centri president and CEO, Vaughan Emery, believes that five key trends are emerging: Consumers are becoming more security conscious, service providers are beginning to market security features, multilevel security is emerging, data encryption is becoming a default feature rather than an option, and password management systems are becoming more common.
UCLA Information Studies professor Leah Lievrouw said that a parallel trend is taking shape. A few companies, including Apple and Microsoft, are attempting to establish themselves as guardians of privacy. For example, the former has built strong privacy protections into its Apple Pay system, while both Cupertino and Redmond have signed onto a new initiative to better protect student data.
"A growing number of consumers want to do business with companies that look out for their interests," she said.
In addition, there's greater government scrutiny over data protection and cyber-security. President Obama's January speech, suggesting a national data standard, has ricocheted through the business world and beyond. New York Attorney General Eric T. Schneiderman recently introduced a proposal that would "overhaul New York state's data security law and require new and unprecedented safeguards for the personal data of consumers."
CIOs should be taking copious notes. Sentiment is changing. And those who don't pay close attention and fail to get their act together could find themselves facing a world of hurt.
Samuel Greengard, a contributor to CIO Insight, writes about business, technology and other topics. His forthcoming book, The Internet of Things (MIT Press), will be released in the spring of 2015.