By Shelley DuBois, writer-reporter
FORTUNE -- If a team of mastermind computer experts wants to hack your company's network, it probably will. But if any rookie hacker with some time to kill can crack your system, that's a problem. And the problem doesn't start with poor technology; it starts with management.
Take, for example, the series of hacks on Sony (SNE) that began in April: they were launched by a prank hacker group called LulzSec, which used a method so simple that a high school kid could master it, says Phil Blank, senior security analyst at Javelin Strategy & Research.
In response to the attack, Sony revamped its security management. In May, the company appointed Sony Global Solutions president Fumiaki Sakai as acting chief information security officer -- a position the company didn't have before.
In fact, many companies have created top-level positions for security information officers, and that's an important first step, Blank says. While security officers may not be able to prevent highly sophisticated attacks, they can help protect companies from simple security breaches. Perhaps their most important job, according to Edward Amoroso, AT&T's (T) chief information security officer, is to integrate the security department with the rest of the company, which is no simple task.
Like IT employees, information security types tend to speak in a somewhat geekier dialect than the rest of a company's rank-and-file, one that can be hard for many executives to understand. More
|AT&T cuts prices again|
|Ukraine crisis: Aid, sanctions and fallout|
|Malaysia Airlines stock sharply lower after plane vanishes|
|Winners and losers of the bull market|
|The medical marijuana ad that never aired, despite contrary media headlines|