That is the message companies have according to the Christian Science Monitor survey
“Conventional wisdom” and results of the survey are at odds, there is an overall thinking that all companies are now paying attention to cybersecurity or information Security now that Anthem was hacked and the Sony hack occured. But the opposite is in the survey.
Raytheon (defense contractor) commissioned a survey 1006 (CIO, CISO, and other execs) the results were not what one would think after the many high profile attacks that have happened in the last year. 78% of the company boards have not been briefed on cybersecurity strategy and 75% of senior management view cybersecurity as a necessary cost (like the phone bill I guess).
Just to make sure this is not an outlier the article goes on to say that Pricewaterhouse Coopers found only 41% of boards actively participate in overall security concerns.
Let’s look at some results of the Sony hack: Sure the movie “The Interview) was stopped for a bit, but was released and then made $6mil in the box office, and in the neighborhood of $20mil online. Although they were hoping for more I am sure with a wide release (only showed in 300 theatres) it still made it’s money back. And in the stock market there is no mention in the daily chatter of the financial results (which is what truly matters to boards). As SNE stock is at $27.26 right now.
http://www.sony.net/SonyInfo/IR/
How about Anthem? https://www.google.com/search?q=anthem+blue+cross&ie=utf-8&oe=utf-8#q=NYSE:WLP
Has a stock price of $144.59 and is rising over the first of year (no news of event) from $130.
So let’s review: 2 major hacking events, seeming show stoppers where 80 million records accessed in Anthem and the whole network was shut down for some time for Sony and the stocks are doing well.
If the proof is in the pudding, there is nothing to see. The stocks have done well, even if the brands have taken a small hit in reputation.
Everyone wants their jobs to matter, but they don’t have to matter in an over-inflated sense. The hacks were not set up to destroy the stocks, they had specific goals (Sony to make some headlines – extract PR for North Korea). For Anthem the criminals just got away with our information, yet no appreciable result was seen.
So my apologies for a contrarian view on this Sunday February 22nd. But the major hacks in the last 3 months have not changed the executive mindset.
We are still not going to do what it takes to create secure networks and secure computing environments. Instead (since it is too hard or since we don’t want to talk to the computer people – or whatever) a few hacks will occur.
We can help at Fixvirus.com since there are people who talk regular English (not nerd English) let’s design a better network to reduce the hacks as much as possible.
At oversitesentry.com and Fixvirus.com there have been many articles as to the strategic direction one should take in the Cyber Security realm.