The FBI on Monday sent a warning to some U.S. businesses that hackers had unleashed malicious software that allowed them to overwrite data on a company's hard drives — making it almost impossible to recover the information.
The five-page FBI confidential "flash" warning went to security personnel at large companies. It asked the businesses to be on the lookout for similar malware, security researcher Brian Krebs reported.
The position at a large company that protects against such breaches is known as a chief information security officer. Experts say these jobs are becoming increasingly difficult to fill.
Little-known just a decade ago, CISOs today are worth their weight in gold now and hard to keep. Perhaps more surprising, the position is still not universal at large corporations, but it should be, said Geoff Webb, senior director of strategy at NetIQ in Houston.
"It's not window dressing. It's critical. You need someone who can go into the board room and tell them they've got to spend money on security and make them listen. It's not a popular conversation," he said.
Too often, companies only hired a CISO after they've experienced damaging breaches.
JPMorgan didn't have a CISO when it was breached earlier this year. Neither didTarget when it was hit in 2013. Or Heartland Payment Systems in 2009 or TJX in 2007.
Sony only hired its first CISO in 2011, after it was hit with a massive breach of the PlayStation Network, its online system that connects PlayStation video game consoles.
That was Philip Reitinger, previously the Department of Homeland Security's deputy undersecretary for the National Protection and Programs Directorate.
No comments:
Post a Comment