Time to Take Security Seriously

Cybersecurity experts have been warning for a long time of vulnerabilities in private and public computer systems. However it is only in the past few years that numerous publicized breaches have exposed the full magnitude of the problem. Here are some of the top hacks of 2016:

The last item has been in the news these past few weeks, since the release of the stolen emails had an impact on the presidential elections. It is worth noting that the email system was not well secured. This situation is common because cybersecurity has not been a priority in most organizations, as it has been seen as a secondary role within IT.

But organizations are now totally dependent computers and the networks they run on. It is difficult to imagine a company today that is able, as it would have been a few years ago, to operate for an extended period of time without computers. Information system security is now best seen as a fiduciary duty, of concern all the way up to the board of directors. For example, since 2011, the SEC has required that cybersecurity issues be reported to investors. More importantly, it is bringing charges when proper practices are not followed and a data breach occurs.

A significant data breach can cost more than money. It can also damage the reputation of a company. On the other hand, a reputation for strong security can be a competitive advantage in a world where both customers and investors are increasingly tuned in to the problem.

Cybersecurity is now important enough that some companies have created a new role, that of Chief Information Security Officer. The management structure of companies is varied, and there is probably more than one way to organize cybersecurity efforts. One thing that we know for sure is that it can no longer be relegated to some obscure corner of the IT department. There is too much at stake.