By Shelley DuBois, writer-reporter
FORTUNE -- If a team of mastermind computer experts wants to hack your company's network, it probably will. But if any rookie hacker with some time to kill can crack your system, that's a problem. And the problem doesn't start with poor technology; it starts with management.
Take, for example, the series of hacks on Sony (SNE) that began in April: they were launched by a prank hacker group called LulzSec, which used a method so simple that a high school kid could master it, says Phil Blank, senior security analyst at Javelin Strategy & Research.
In response to the attack, Sony revamped its security management. In May, the company appointed Sony Global Solutions president Fumiaki Sakai as acting chief information security officer -- a position the company didn't have before.
In fact, many companies have created top-level positions for security information officers, and that's an important first step, Blank says. While security officers may not be able to prevent highly sophisticated attacks, they can help protect companies from simple security breaches. Perhaps their most important job, according to Edward Amoroso, AT&T's (T) chief information security officer, is to integrate the security department with the rest of the company, which is no simple task.
Like IT employees, information security types tend to speak in a somewhat geekier dialect than the rest of a company's rank-and-file, one that can be hard for many executives to understand.