7 Things That Keep CIOs Up At Night!
1. www.identacor.com | Confidential
High-impact CIOs take challenges as opportunities to grow strategically and maximize resource bandwidth to gain a competitive edge in the cut-throat market. Most of a CIO’s job involves making informed IT decisions and empowering knowledge workers with the right technologies to help them become more productive at their jobs. But what does it take to become a high-impact CIO? What are the most daunting concerns of an IT manager? Let’s have a look!
What does it take to be a high-impact CIO?
IDENTACOR
www.identacor.com | Follow us on Twitter: @Identacor
Overview
With the large scale and diverse nature of possible data breaches and the changing technology landscape, it is next to impossible for an organization or its CIO to protect stakeholders (including employees, customers and business partners) from all the hassle.
From financial institutions to retail, manufacturing and public agencies, nobody is immune. Security hacks are everywhere, and every single business, big or small, has been affected at least once by the wrath of uninvited malware, ingenious hacker groups, or social attacks. In its annual Data Breach Investigation Report, Verizon found that 38% of security breaches impacted large organizations, and while hacking and malware did not decline, exploitation of weak or stolen credentials to get into the network took center stage, becoming the cause of 76% of all data breaches reported throughout the year.
Security is an increasing concern for CIOs, particularly those dealing with customers online or involved in transactions over the Web, with around 2 in 10 being a victim of an organization-wide security lapse. The CIO position is inherently very demanding and hazardous at the same time. With little foresight, a mismanaged project, a mere breach or a tech failure could cost them their job. Each year many CIOs lose their jobs for failing to perform their duties. Consequently, CIOs have come to expect a reduced tenure while handling all this IT chaos, unplanned situations and, most importantly, security attacks or breaches.
Given the wide range of targeting techniques and the complexity of attacks and breaches, CIOs worry about which areas of the organization are weak and how to protect the credentials of their employees and valuable clients in order to offer them a secure and trustworthy environment. In this whitepaper, we have put together a list of the most daunting issues for CIOs and how they are overcoming those issues to ensure the security of confidential data and user credentials. Let’s dive into those pain areas.
[Figure: How do breaches occur? Categories shown: used some form of hacking; network intrusions that exploited weak or stolen credentials; incorporated malware; involved physical attacks; leveraged social tactics.]
1. The Multitude of Password Management!
Password management is one of the most essential parts of enterprise security. However, in the last couple of years, password theft and compromise of hashed or encrypted user credentials have seen a significant spike. The Verizon Data Breach Investigation Report indicated that 76% of hacks occur due to weak or stolen passwords from online services. While we all love the convenience of online portals and applications, CIOs are challenged to keep this interaction secure and hazard free.
The challenge of password management stems from many different causes, including but not limited to:
1. Users Don’t Care About Adequate Passwords: It has been proven over time that enterprise users (employees, business partners or customers) do not usually care about using strong passwords (unpredictable patterns, varied characters and appropriate length) and tend to use the same password across multiple platforms or applications, which makes it easier for cyber criminals to break in.
2. Lack of Password Policy: In an enterprise setting, manual one-on-one monitoring of user passwords would be unmanageable. An adequate password policy therefore defines how users must configure a strong password. It sets guidelines for users and forces them to conform to rules such as a designated password length, use of special characters, frequent password changes, etc.
3. Poor Handling of Passwords: Secure handling of passwords that need to be shared between multiple users, such as social media credentials or role-based permissions, is also essential. In addition, when an employee quits, those passwords are lost, leaving the IT manager or CIO in the lurch.
76% of hacks are caused by weak or stolen passwords.
2. The Frightening Adoption of Mobile Devices!
The adoption of mobile devices in the workplace is growing, and growing fast. According to the Digital Ad Agency Vertic report, the total shipment of tablet computers to enterprises around the world is expected to increase at a compound annual growth rate of 48%, with shipments rising from 13.6 million units in 2011 to 96.3 million units in 2016.
The quick adoption of mobile devices is a burning issue for CIOs, forcing them to adjust their enterprise strategies and IT infrastructure to ensure a smooth transition from traditional PC-based architecture to enterprise-owned mobile devices or the Bring Your Own Device (BYOD) phenomenon. With more and more companies allowing some sort of BYOD or BYOT usage, IT managers need more in-depth monitoring of the devices accessing the corporate network.
Motorola, meanwhile, reports that just 2 out of 3 people understand that keeping mobile data confidential and secure is their responsibility rather than the IT department’s. On top of that, 34% of survey respondents store sensitive data, such as bank account details, work email or user credentials, on their mobile phone. The mobile devices that connect to an enterprise network are wide-ranging and growing in number, inviting more complexities, such as:
• To increase convenience, knowledge workers often share and send work email or documents to their personal email accounts.
• Employees using personal devices to store corporate data see no harm in connecting to unsecured wireless networks outside the premises.
• Fewer people are aware of, or respond to, the organization’s IT security policy.
Over the next 5 years, total shipment of tablets to enterprise is expected to increase at a CAGR of 48%.
3. Borderless Social Media Networking
Enterprises can no longer suppress the flow of social media networking; it is not going away. Instead, social media has become an essential part of online business success, with more and more people engaging on their favorite platforms. However, the continued momentum and growth pose a significant threat to the enterprise, and CIOs are worried about the risks associated with the use of vulnerable social media.
Forrester Research ranks social media as one of the top 3 risks organizations face today. Nick
Hayes, analyst serving security and risk professionals for Forrester Research, said: "The
floodgates are open and social media is changing the way we operate our businesses, how we
interact with employees, develop business relationships with our customers, and how we
market and build the company brands. It is incredible how invasive it is within organizations
today, and IT professionals need to think about how to empower employees to use social media
effectively."
Remember when Burger King (BK), the global chain of hamburger fast food restaurants, lost access to its official (verified) Twitter profile at the hands of anonymous hackers and the account began sending out awkward tweets? Duh! So it is better to put guidelines and technologies in place to manage the flow of social media and potential attacks. Below are 3 tips for CIOs to strengthen their social media strategies:
1. Keep your enterprise’s sensitive social media assets secure. Retain complete control over social media credentials as well as the permissions governing the use of different profiles.
2. Social media is an online community where people share and seek information on a vast range of topics. Make sure your social communities are being listened to and responded to in good time.
3. To evade social media risks, train your PR team or workforce. Provide them with essential training and make them aware of potential threats and challenges in the social media space.
BK’s hacked Twitter handle sent 53 Tweets and received 73,421 RTs in just 71 minutes.
4. Bring Your Own Device (BYOD) Dilemma!
With the new wave of tech, CIOs can expect to see a more diverse range of devices in the
enterprise giving rise to an emerging security threat. While Bring Your Own Device (BYOD) does
offer greater flexibility and increased productivity, it has also put enterprise CIOs into more trouble
over a series of issues, including:
• Expense/Cost Estimation: How can people make the most of their own devices without the organization investing in infrastructure upgrades and migration? How can one estimate what it would cost an organization if a personal device leaks corporate information? Or, simply, is BYOD worth the effort and hassle?
• Privacy on Both Ends: How will the IT manager or enterprise guarantee the privacy of data on an employee’s device, both the employee’s personal data and the corporate data owned by the organization? A commissioned survey of 213 US IT Managers, conducted by Forrester Consulting, suggests 65% of IT managers are concerned about corporate data leakage through mobile devices, while 55% worry about possible theft or loss of a mobile device.
• Ensuring Compliance: In any enterprise, compliance is the key to building successful strategies, business teams or culture. Compliance requires all assigned or relevant resources to be on the same page when it comes to sensitive topics such as privacy or security.
Furthermore, sophisticated consumer-owned devices, such as PCs and tablets, are now making their way under the BYOD policy (earlier, the smartphone led the way as the single most-used device out there), and these diverse device types will bring a plethora of technical challenges for CIOs.
65% of IT Managers are concerned with the threat of data leakage through mobile devices.
5. Inadequate Data Backup!
A major part of a CIO’s job is to deal with the bulk of data moving around inside and outside an organization. Willingly or not, CIOs are tasked with managing, and managing securely, the data shared between different resources, applications and platforms. Data, big or small, is an asset for the organization, and managers need to come up with a way to back it up. However, conventional data backup and storage methods are not capable of handling the massive amount of digital data available these days.
In its second annual IT Leaders survey, EVault gathered data from 650 IT professionals from around 5 countries and revealed that about 24% of IT pros admitted to not telling their CEOs they are not backing up all files, especially those on mobile devices. And 38% admitted they worry about their data not being saved securely or whether any work has been backed up at all. Imagine how much stress this could put on a CIO’s position.
As more and more employees tend to store corporate data and documents on personal devices, thanks to BYOD, CIOs are grappling with ways to ensure the security of data in addition to maintaining a centralized backup mechanism to retain and retrieve data from disparate devices.
The cost of having an adequate data backup for organization-wide big data is another growing concern. Big data is on the rise and practically infinite, so it is almost impossible to gauge the actual amount of data. The expense of creating a data backup fit for the need is therefore just as hard to imagine. The majority of IT managers are also cautious about requesting more funds: the EVault survey found 25% of IT managers hesitant to ask their CEOs for more money to cope with the increasing amount of data companies are storing.
24% of IT Professionals admitted to not telling their CEOs they are not backing up all files.
6. Devious Phishing Scams!
Despite amplified user awareness and measures to secure consumers and businesses worldwide, phishing attacks have multiplied over time. The pervasiveness of digital footprints and mediocre anti-virus software have led cybercriminals to turn to more sophisticated tricks, making the quest to secure enterprise infrastructure more challenging for CIOs.
According to the RSA Year in the Review 2013 Report, phishing attacks set another record around the globe with approximately 450,000 attacks and record estimated losses of over $5.9 billion (using APWG’s average up time of 44:39 hours). In just October last year, 62,000 unique phishing attacks were identified.
RSA expects mobile users to be affected by phishing attacks through apps, voice, messages or
conventional emails. So, here is what CIOs are expected to look into to relieve the burden of phishing
scams:
1. Increased adoption of email authentication integrated with an adequate enterprise
communication policy should help reduce the amount of phishing emails received by
corporate users.
2. Structured big data analytics and in-depth intelligence gathering will help detect phishing
attacks and mitigate the risk in advance, consequently diminishing financial losses. No doubt
cybercriminals are using sneaky and clever tricks and methods to tap into enterprise
information but employing analytics serves as an additional layer of security and provides a
way to see through the noise.
3. Cyber awareness is essential. It is imperative to make employees and consumers aware of the potential hazards in the digital world to prevent severe losses.
In 2013, phishing caused approx. 450,000 attacks and record estimated losses of over $5.9 Billion.
7. Ambiguous Application Usage!
Today’s workforce is more diverse than ever. The competition is tough, and tech-savvy employees are adapting to new technologies to be successful at their jobs. Cloud-based app culture is making a hit in the corporate world, and sensitive enterprise data is being left wide open across a dizzying range of cloud applications.
Netskope, the cloud app analytics firm, reports that enterprises have an average of 397 different cloud apps in use by employees, and many of these apps may not conform to the security and compliance standards of the organization. From enterprise management apps (such as Evernote, Zendesk, or Google Apps) to less conventional social media apps (such as Facebook, Twitter or G+), CIOs need to adapt to new standards to empower their workforce and let them use these apps effectively.
The challenge here is the ambiguous use of cloud apps: CIOs have little insight into how to keep track of user interaction with these apps, as employees use many different, sometimes unapproved, apps to improve productivity or to save time. For IT departments, these apps (often used to store, share or benchmark corporate data) could raise serious security and compliance concerns.
Based on Netskope’s findings, 51 diverse marketing apps and 35 human resource management apps are used on average per enterprise. With that many apps, centralized IT controls become questionable, and CIOs seek information on whether they have access controls in place to protect personally identifiable information.
Blocking these apps in the enterprise is not the answer. The benefits of using these flexible and efficient cloud apps are numerous. But CIOs need to come up with a way to make cloud apps more manageable for them and the enterprise.
Enterprises have an average of 397 cloud apps running that are used by employees.