Reset the ticker back to “Zero days without a vulnerability”.
The Venom bug grabbed headlines this week, putting virtual machines at risk from an elevated-privilege attack. Interestingly, Venom broke from the typical vulnerability narrative, as many in the industry pushed back and claimed the media buzz was exaggerated. We have to agree with the careful wording of the California Mason’s Michael Skaff: Venom is “worth your awareness.” Venom may not be bigger than Heartbleed, as claimed, but it does warrant a close examination of your virtual machine technology.
— Michael Skaff (@mskaff) May 13, 2015
Last week we touched on how a new breed of CIOs is elevating the importance of the position by staying on the cutting edge of technology trends. This week, several CIOs came together to expand on the relationship between the CEO and the CIO. Brian Vellmure advised CIOs that the way to gain favor with the man at the top is to enable business goals with technology. Business units don’t care how the sausage is made; end users just want access to the tools that make them most productive. The CEO is the ultimate advocate for the company’s bottom line, and getting on his or her good side requires partnering with lines of business. To quote Equinix CIO Brian Lillie, no one wants a “CI-No.” Anonymous cloud expert Cloud Opinion chimed in with a concise three-step guide for CIOs looking to become competitive differentiators for their organizations.
CIOs have long been responsible for understanding CEO priorities / goals and enabling with technology. 1/2 #ciochat
— Brian Vellmure (@BrianVellmure) May 14, 2015
A3. 1. Understand business 2. Reallocate IT budget to strategic projects 3. Put business before tech #CIOchat
— @cloud_opinion May 14, 2015
At this point, skeptical CIOs have one obstacle in mind: security. While security needn’t prevent employees from using tools such as cloud services, we do agree with Avanade CIO Chris Miller: information security should have a presence in the boardroom. Prioritization from the top of the organization is necessary not only to secure proper funding and support for security projects, but also for cultural buy-in.
@Thedodgeretort A. 2 Already more Information Security topics on board agendas, now we need CIOs on seats on boards
— Chris Miller (@ctmiller) May 14, 2015
How important is a security-minded workforce? In an article shared by Tim Grieveson, government IT professionals revealed that the largest threat to their organizations is “careless and untrained insiders.” Only 31% are very confident in their policies’ ability to defend against insider threat, and 14% are not confident at all. Even well-intentioned employees can accidentally leak corporate data, and user education is one of the best strategies to prevent this.
Federal IT professionals: insiders the greatest cybersecurity threat https://t.co/mph3uqqntq
— Tim Grieveson (@timgrieveson) May 14, 2015
It’s no surprise that this same security concern came up in an article shared by the University of Mississippi’s David Chou on wise information security spending. The article points out that in addition to training, there are a host of technologies that can help address security breaches stemming from human error. This vector of attack comes with a key challenge: defense strategies must include protection for corporate data accessed by employees outside of the office, the most common example being the use of unsanctioned cloud services that IT may not even be aware of.
Are You Spending Your Information-Security Budget On The Wrong Technology? http://t.co/4htfPFVX4w
— David Chou (@dchou1107) May 14, 2015