Chief information security officer

What it actually takes to prevent a hack attack

July 11, 2011: 2:39 PM ET

Digital security is no longer an issue you can relegate to the IT department. Top-level execs need to be in on the discussion from the start.

By Shelley DuBois, writer-reporter

FORTUNE -- If a team of mastermind computer experts wants to hack your company's network, it probably will. But if any rookie hacker with some time to kill can crack your system, that's a problem. And the problem doesn't start with poor technology; it starts with management.

Take, for example, the series of hacks on Sony (SNE) that began in April: they were launched by a prank hacker group called LulzSec, which used a method so simple that a high school kid could master it, says Phil Blank, senior security analyst at Javelin Strategy & Research.

In response to the attack, Sony revamped its security management. In May, the company appointed Sony Global Solutions president Fumiaki Sakai as acting chief information security officer -- a position the company didn't have before.

In fact, many companies have created top-level positions for security information officers, and that's an important first step, Blank says. While security officers may not be able to prevent highly sophisticated attacks, they can help protect companies from simple security breaches. Perhaps their most important job, according to Edward Amoroso, AT&T's (T) chief information security officer, is to integrate the security department with the rest of the company, which is no simple task.

Like IT employees, information security types tend to speak in a somewhat geekier dialect than the rest of a company's rank-and-file, one that can be hard for many executives to understand.
