Fraud, Feds top concerns as CSOs meet in New York

More than 85 information security experts gather at conference

NEW YORK - The explosive growth in online fraud and the impact of tough new federal regulations were on the minds of information security executives who gathered in New York Tuesday for the second annual CSO Interchange, a gathering of chief security officers (CSOs).

Regulatory compliance was the top concern among conference participants, followed by the threats posed by computer worms, viruses and Trojan horse programs, which executives said were having a financial impact on their companies, according to the results of a survey conducted at the show.

Howard Schmidt, the former White House Cybersecurity Advisor, started CSO Interchange, and security company Qualys sponsored the conference. The event brought together more than 85 information security experts from a variety of fields, including financial services, healthcare, technology and government.

In roundtable discussions, security executives covered a wide range of topics, including threats posed by the spread of wireless technology and by attacks that use previously unknown, or “zero-day,” software vulnerabilities.

Thirty percent of those surveyed at the show said that complying with regulations was their top security issue. Twenty-eight percent listed worms, viruses and Trojans as the most important issue, followed by end-user sloppiness, which ten percent of those polled said was their number one security matter.

Eighty percent of those surveyed said that cyberattacks had a bottom-line financial impact on their organizations, though most, 62 percent, said that impact was less than US$50,000 a year.

Online fraud was also on the minds of those present at the event. Sixty-nine percent said they were concerned or very concerned about the problem.

The growth in online threats, including online identity theft attacks known as “phishing scams,” in the last year demonstrates the need for organizations to have comprehensive security plans in place, said Rich Baich, chief information security officer at ChoicePoint Inc., which makes identification and credential verification systems.

As IT security issues take on more importance, the profile of CSOs is also rising, according to attendees. Almost 70 percent of those polled at the show said that they report directly to their company's chief executive officer or chief information officer, according to the survey.

While moving into executive ranks, however, CSOs face challenges.

Sixty-nine percent said their job became harder or “significantly harder” in the last year, with many of those polled reporting stagnant hiring and budgets for IT security.

Even when companies can take on more IT security staff, more than sixty percent said that they had difficulty finding skilled candidates, according to the survey.

CSOs also face organizational challenges, as they shift from a “necessary evil” to an integral part of the executive team at many organizations, said Schmidt.

Among other things, CSOs need to pass off more routine IT security tasks, such as antivirus technology management and security audits, to traditional IT staff, he said.

To make comprehensive plans work in large organizations, CSOs have to learn how to get other executives to sign on to the plans, and translate security issues into terms that other business executives can understand, such as creating value for companies and getting a return on investments in security technology, ChoicePoint's Baich said.