BANGALORE, INDIA: The answer is, in a true sense, both Yes and No. “Yes” applies to organizations that do not treat security as an important item on their agenda: if anything security-related does happen, it is the CIO who becomes the victim of the whole crisis. “No” applies when running the business without any security measures was taken as a conscious risk; then, of course, the overall direction and strategy are to blame. The CIO’s role of giving recommendations and alerts, with all the pros and cons and clear cases, becomes vital for the organization.
In recent times, security threats have gone up manifold. Security is no longer a choice for the executive management team but a necessity. Techies have started working for money (see the picture below, from a study). An expert group is involved in all these devil-minded deeds. So much so that cyber law is also evolving, though it can guarantee neither protection nor a threat to those who are into it.
A very organized criminal group is operating worldwide; please refer to another report below:
Employees expect to use more of their personal equipment and services at work, and enterprises are simultaneously adopting more consumer technologies in business operations.
What does this mean? “Consumerization threatens enterprise security, or enterprise security threatens consumerization?” could be a big question we all have to answer.
“With few exceptions, the tendency to use consumer tech at work isn’t because people want to be awkward or break security or be a pain in the backside. They do it because of frustration, or a problem or limitation with the IT services provided by the organization.”
(Steve Prentice, chief of research at Gartner)
What is the simple workaround, or say, the way to avoid becoming a scapegoat in the face of a crisis:
* Reduce the nanny state of IT
* Empower users
* Make everyone responsible
* Never ignore legislation but challenge its execution
If I have to describe security as ripples that slowly envelop the complete community, the mindset and thus the organization as a whole, it has to follow a few basic steps, stated in the bullets below:
* Evaluate (assess risks and vulnerabilities)
* Establish (policy, blueprint, implementation plan)
* Educate (improve internal security skills and communicate policies)
* Enforce (continuous improvement, action against non-compliance, continuous vigilance)