CEOs urged to make infosecurity a priority

New report warns business leaders of security threats

Chief executives and directors were this week urged to make information security one of their top priorities and do more to engage with their IT departments, as yet another report predicted more serious threats for 2008.

The call came from business leader organisation the British-North American Committee (BNAC), which released a new document outlining the steps chief executives should be taking.

Cyber Attack: A Risk Management Primer for CEOs and Directors recommended senior decision makers establish comprehensive information security policies, and also that they keep abreast of changes in security technology and best practices themselves.

"Too often CEOs and directors fail to understand the level of potential risk and liability, and cede responsibility for dealing with cyber attacks to their IT department," the report said. "Instead, leaders of corporations, nongovernmental and not-for-profit organisations, and public sector agencies in the 21st century must know enough to at least ask the right questions of their chief information officer."

It warned that many chief executives fail to appreciate the scale of the problem, recognise the consequences of a security breach on the business, or understand that problems with the security systems of third parties may impact their organisation.

"Much work is needed to increase the security of the internet and its connected computers and to make the environment more reliable for everyone," warned former Icann president Vint Cerf in the report. "Security is a mesh of actions and features and mechanisms. No one thing makes you secure."

In related news, a new report by managed security service provider ScanSafe released this week warned IT security chiefs to be on their guard against more attacks on their web sites.

Techniques such as hiding malware in online advertising will continue next year, as hackers look to infect consumers' PCs with Trojans, it claimed.

"A large number of these sites are heavily reliant on Web 2.0 technology, but because there has been a huge explosion in the number of sites, there is tremendous demand for web developers," explained the firm's senior security researcher, Mary Landesman. "Many sites are being developed by people who aren't security savvy and there's a reliance on third party applications which may have vulnerabilites."

ScanSafe also warned that the risk of data leakage through social networking sites will increase as employees deliberately or inadvertently discuss sensitive corporate information, or post inappropriate information.