Don’t Be a Data Breach Victim: Appoint a CISO Before It’s Too Late

  • Posted on: February 11, 2015
  • Posted in: Security, Uncategorized
  • Posted by: JD Sherry (VP, Technology and Solutions)

No one knows what the future holds, but it’s a pretty safe bet to say 2014 will become known as the “Year of the Data Breach.” Yet amid the finger pointing, the executive culls and inevitable media coverage, there’s another interesting trend: several of the firms compromised by hackers didn’t have a functioning chief information security officer (CISO) at the time.

It’s no guarantee you won’t become the next breach headline in 2015, but having a full-time cybersecurity specialist role reporting directly to the board has become essential for any major organization that takes security seriously. For companies still lacking this position, it’s time to act now before 2015 turns into a year to forget.

Costly mistakes

The reality today is that we’re no longer facing a ragtag bunch of bedroom-bound hobbyists – cybercrime is organized, well resourced, and agile. The black hats know where our weakest points are and are more than ready and able to exploit any security gaps to steal our most sensitive data – whether it’s personally identifiable customer information or sensitive IP.

Many of the most successful breaches of the past year used relatively sophisticated targeted attack techniques to infect retailers’ POS systems with new “RAM scraper” malware variants like Soraya and Backoff. Frustratingly, many of these breaches were preventable.

Given the huge losses involved, organizations should be more focused on minimizing risk – with operations overseen by a dedicated CISO.

The most recent figures from the Ponemon Institute put the average cost of a data breach at $3.5m in 2014, 15% higher than the previous year. It’s not just the cost of potential industry or regulator fines, legal action, or even the expense of investigating and remediating the issue which firms must contend with. More worrying is the potential for negative headlines to force customers to switch to rival providers, and for this reputation hit to impact the share price.

Enter the CISO

In its report, Ponemon noted that having a CISO in charge is a vital preventative measure, alongside things like incident response and crisis management plans. CISOs can help identify where information security risk exists and articulate it to the board in terms they understand, so key investments are not left wanting.

It has been suggested that the lack of a CISO at retailer Target until recently led to just such a problem. That breach in 2013 is thought to have been one of the biggest ever in the sector, with over 40m card numbers and 70m customer records apparently exposed. The firm has appointed a CISO now, but at what cost?

Here are some other major organizations which had no CISO when they were breached:

  • Surprisingly, JPMorgan Chase lacked a full-time CISO when hackers managed to access its systems, potentially exposing sensitive information from more than 76 million households and seven million small businesses.
  • Sony only hired its first CISO in 2011 after a devastating attack which breached sensitive personal information on over 70 million PlayStation Network accounts. A more recent attack on it by the “Guardians of Peace” occurred during a changeover of CISOs, it has been reported.
  • Heartland Payment Systems’ 2009 breach affected an estimated 100 million cards. Again, no CISO was in charge at the time.
  • The TJX breach in 2007, the largest of its kind at the time, compromised an estimated 94 million cards.

Copyright © 2017 Trend Micro Incorporated. All rights reserved.