CIOs, Cybercrime and ‘Wetware’

Deloitte: Employers Want CIOs to be Strategists or Revolutionaries

Driven by rapid advancements and integrations of new technologies and evolving business needs, the role of the CIO is shifting from steward to strategist or revolutionary, according to a new Deloitte survey of IT executives in the U.S.

According to the poll, 45 percent of nearly 1,000 IT executives surveyed say their own CIO is viewed as a steward while another 45 percent say their CIO is a strategist. The remaining 10 percent claim their CIO is a revolutionary – a percentage Deloitte expects to grow as technology continues to change the way business is done.

Among respondents who do not view their CIO as a revolutionary, 66 percent believe that to be a revolutionary CIO requires four critical skills: industry knowledge, business knowledge, technological experience and staff development.

“Two years ago the goal of the CIO was to cut costs and keep the lights on. They were a steward. They protected current assets and worked with available resources,” said Suketu Gandhi, principal, Deloitte Consulting LLP.

“Improvements in the economy and advancements in technology now provide CIOs more tools and resources at their disposal. Mobility allows employees and resources to be available at any location; social platforms facilitate real time conversations; analytics provide virtually instant insights for better decision making; and cloud technologies provide a platform for services to be delivered on a moment’s notice.

“These combined technologies give the CIO the opportunity to be an active strategist and decision maker within their respective organizations, and can allow them to be a revolutionary force. The CIO will increasingly have the ability to actually change how business is conducted.”

The perception of the CIO within a company contrasts with survey respondents’ understanding of what IT’s primary contribution to an organization should be. A majority (60 percent) of survey respondents think IT should facilitate growth and productivity, nearly twice as many as believe IT needs to be a competitive advantage (36 percent) for their company.

The poll was conducted during Deloitte’s Dbriefs Technology Executive series: “CIOs as Revolutionaries: A Step Change in the Business-IT Relationship” on July 7, 2011.

Only a Quarter of Employees Bypass Security Policies

According to new research from security firm Webroot, only about 25 percent of employees have tried to bypass company security policies while at work, while nearly all (95 percent) respect the importance of their employer’s measures for protecting their network and customer information.

“It is a pleasant surprise to learn that employees understand the need for increased security and abide by corporate policy,” said Jacques Erasmus, CIO for Webroot. “That said, employees at all levels still introduce risk to a corporate network through activities like surfing the web, shopping online, planning personal events and accessing personal email accounts while at work. As we see more and more malware being spread through the browser, such as Zeus and SpyEye, which infect users’ computers to track their keystrokes and steal their banking information, it is vitally important for companies to put in place suitable web security solutions and develop effective and secure web security policies to help protect their organization.”

Surveying more than 2,500 employees in the United States, United Kingdom and Australia, Webroot also found that executive or senior management staff performed non-work related activities during work at a higher rate than their subordinates. For example, 41 percent of executives reported planning personal events such as vacations, weddings or parties while on the clock, while just 35 percent of regular, full-time employees reported doing similar activities.

Of those who skirt around corporate security policies, younger employees (those aged 18 to 29) reported a higher incidence of doing so, but employees learn from their coworkers’ mistakes:

  • 26 percent of respondents were aware of someone who received a warning as a result of breaking security policies;
  • 18 percent were aware of someone who was fired;
  • 9 percent were aware of someone whose computer privileges were reduced;
  • 8 percent were aware of someone who was put on probation.

‘Wetware’ Becoming Preferred Attack Vector

A new report, Cybercrime Futures, commissioned by the internet security company AVG reveals how the explosion in size and complexity of global cyber crime, combined with the surprising complacency of younger users, is putting lives at risk.

The report, authored by the research agency The Future Laboratory, reveals that while cybercriminals and malicious programs are becoming increasingly sophisticated and difficult to detect, users are, alarmingly, becoming less vigilant about protecting their online devices. The combination of these two factors presents a potentially disastrous cybercrime scenario.

Also highlighted in the report is the phenomenon of so-called ‘wetware’, in which the weak link in the security chain is not the technology but rather the human user. The growing risk stems not just from technology (software or hardware) but increasingly from human action (wetware).

It seems that increasingly cyber criminals are focusing on deceiving the human rather than the machine, fooling the user into downloading and installing malicious software by posing as anti-virus providers or another trusted source. This means of entering a user’s computer bypasses the normal security checks, and makes the ‘wetware’ the weakest link.

The key findings of the report were as follows:

– Cybercrime is on the increase as the tools and tactics that were previously used by hackers to cause disruption to machines and networks have been monetized by criminal gangs through bank fraud and ID theft.

– Smartphones are no longer just phones, they are mini PCs, and consumers fail to realize that this makes them as vulnerable to cybercrime as a computer. Just four percent of French internet and smartphone users are concerned about smartphone viruses. Money can be taken almost unnoticed through premium rate SMS fraud; a crime which consumers are unlikely to spot.

– Consumers are aware of the need for antivirus protection but nearly one in ten of those surveyed fail to keep their protection updated. Alarmingly, the 18-35 age group (often cited as the group which is most digitally aware) is particularly complacent about this.

– Increasing integration of the internet into physical systems makes us increasingly vulnerable to cyber-attack. The Internet of Things will soon become part of our connected world, opening new opportunities for hackers to cause harm and havoc.

The author of the report, Antonia Ward of The Future Laboratory, said of the findings, “It’s clear that cybercriminals are getting more and more sophisticated, not only in their programming but also in their methods. The idea that they’re moving from utilizing weaknesses in the software to attacking the ‘wetware’ is a disturbing one, and demands that we respond by improving people’s awareness of these rogue programs so that they aren’t so easily deceived.”

JR Smith, CEO of AVG Technologies, said, “The potential impact of cyber-crime must not be underestimated. After the 2008 financial crisis, the OECD began to re-examine today’s potential ‘global-shocks’. Alongside the threats you expect – financial crises, pandemics and social unrest – they also included ‘cyber risks’ for the first time. The British government alone has allocated GBP63m to fight cybercrime this year.”

According to the report, the Generation Y users, those who have grown up with an awareness of digital threats, are the most reckless about not protecting themselves. Almost half the UK’s 18-35 year olds don’t update their antivirus software. If they continue to behave like this as they grow older and gain more wealth and responsibility, then we could witness a cybercrime disaster affecting not just personal users but also businesses and governments.

5 key threat scenarios identified in the report:

– Car-hacking: Hackers could take control of your car’s door locks, dashboard displays and even its brakes.

– Jailhouse rocked: Prisoners could be sprung from jail using only a USB stick.

– Health scare: Saboteurs could threaten the wellness technologies we depend on to keep us healthy.

– Sniffers and blackouts: Burglars could monitor your activities then reprogram your home security systems from afar.

– Grid-Jacking: Scammers and terrorists alike could find opportunities in hacking into the Smart Grid.