The world's biggest cyberattack rocked the business world last week, illustrating the vulnerability of organizations to digital threats. But while six in ten companies may have a Chief Security Officer role, finding the right leader for it can be hard to find. In a recent paper, Korn Ferry explained how the wide-ranging mandate modern CSOs need to have.
First it was your credit card. Then your Facebook account and emails. Now hackers have found a way to steal your car. In a well-publicized case, hackers found a way to locate, unlock, and start one automaker's brand. The maker promptly corrected the problem--but not before adding yet a new layer of high tech jitters.
Welcome to the Internet-of-Things (IoT) era, where billions of products and parts share information and data with each other that, in theory, will make the world a more productive, healthier, and better place. But all that potential comes with an ugly underside: the ability to hack once-ordinary physical objects just because they’re connected to the internet. According to a new Korn Ferry report, keeping IoT-enabled products secure will likely require organizational changes and, more importantly, a shift in how chief security officers think.
The report’s authors interviewed security leaders at a variety of organizations to see how they are meeting the threat. Instead of simply being responsible for network and data security, many CSOs are taking on new roles, including safeguarding the security of the increasingly connected products that their company produces. “CSOs will need to get involved in product security early in the product–development cycle, and they’ll need to draw on a new set of skills themselves,” says Jamey Cummings, a Korn Ferry senior client partner and co-author of the report.
The issue will only become more prominent as IoT-enabled devices become more pervasive. In the last two years, the number of Internet-of-Things devices in the world soared nearly 70 percent to 6.4 billion in 2016, according to research firm Gartner, and there could be as many as 20.8 billion by 2020. While organizations recognize the security threat, research shows many devices are not properly secured. Based on a survey by analytics firm Neustar, more than 80 percent of companies that had adopted IoT technologies were attacked in 2015. Of those, 43 percent reported theft of finances, customer data, and/or intellectual property.
In some cases, organizations will have to start thinking about IoT security as another form of insurance. Spending on security may be costly, but the report argues that repairing damage from a hack often is even more expensive. Along with the shift in mentality, there also needs to be a rethinking of the skills needed for security personnel. Beyond the usual technical know-how, personnel also need good business acumen and strong communications skills. That combination is not always easy to find. Information technology departments historically operate in silos but if they’re going to help with IoT-related security, they’ll have also to solve business issues, and that requires a different type of problem solving.