There’s no such thing as “business as usual” for an IT executive today. Every Fortune 2000 CIO is responsible for keeping an eye on the horizon of enterprise technology, and that includes security technology to keep their organization’s information assets secure. In this week’s CIO Corner, we explore what CIOs are talking about on Twitter, including Gartner’s top 10 list of security technologies for 2016, the cloud wars between Amazon and Microsoft, the ongoing challenges of unpatched vulnerabilities in enterprise systems, a $79 million cryptocurrency heist, and what you need to know about password managers.
Last week, IT and security leaders from across the country gathered outside Washington D.C. for Gartner’s annual Security and Risk Summit. This premier event provides forward-thinking technology executives with a forum to share war stories with their peers. It’s also where Gartner publishes its annual list of the most important security technologies. This year, there was a notable holdover, with cloud access security broker (CASB) appearing for the second consecutive year. The choice may reflect the widespread adoption of CASB, which is expected to increase over the next couple of years: Gartner predicts 70% of companies will have deployed a CASB by the end of 2017.
— Neil MacDonald (@nmacdona) June 15, 2016
Gartner also released other predictions at the conference, which weigh the impact of contemporary trends in IT. As a reminder that not all threats rely on sophisticated or even difficult attack methods, Gartner’s Greg Young predicts 99% of exploits will target vulnerabilities known by security teams for at least 12 months before the attack. In other words, IT teams will continue to struggle with patching existing vulnerabilities. Andy Nallappan, the CIO of Broadcom, explained to me that “current-all” is one of his IT department’s guiding principles. Gartner’s outlook indicates executives need to prioritize patching known vulnerabilities to make sure they do not slip through the cracks. The personnel resources required to do so may help explain the talent shortage many companies report.
— Peter Hesse (@pmhesse) June 16, 2016
On the other hand, the tedium of updating software to patch vulnerabilities is one of the factors driving companies to cloud solutions. Cloud providers take responsibility for fixing software security vulnerabilities, and the cloud enables immediate, seamless updates across all customers, a process that can take months with traditional software. The widespread move to the cloud has led to a fierce battle between Amazon, Microsoft, and Google. The high level of competition among market leaders ensures significant investments in cybersecurity and service performance.
— Cynthia Stoddard (@StoddardCA) June 19, 2016
The hack of Bangladesh’s central bank showcased the fragility of our digital financial connections. Business is moving online, but security controls do not always keep up with technological progress. In some cases the failure is due to improper implementation. A few high-profile incidents may provide the necessary incentive for companies to secure their access points. In the Bangladesh bank’s case, cheap network switches and a lack of multi-factor authentication proved to be the weak link hackers needed.
A hacker lifted $80 million in digital currency from the DAO, showing the dangers of programmable money https://t.co/PFLMYudh4T
— IanCohen (@coe62) June 19, 2016
A simple compromised credential played a key role in the Bangladesh bank’s theft. The recent discovery of 280 million passwords dumped online should compel every IT team to reconsider static passwords. Multi-factor authentication, especially adaptive authentication, which takes into account the context of device, application, and data, is no longer optional for companies looking to protect sensitive assets. For end users, password managers can mitigate risk from password data breaches, which often go unreported for months, leaving users vulnerable.
5 things you should know about password managers | https://t.co/XVXNGSnT1V
— Scott Fenton (@sdfenton) June 19, 2016