As I’ve been reading a few articles on Edward Snowden, it’s beginning to bring to light a deficiency in many organizations: security. This isn’t a new or earth-shattering notion; it’s been this way for years, and in my experience it’s the last thing people think about or put dollars towards. At the 2013 @CIO_CAN Peer Forum, Theresa Payton @fortaliceLLC, former CIO of the White House, painted a pretty clear picture that organizations are not making security a priority.
For IT risk and security, staffing levels should be between 5% and 12% of your total staff but many organizations have < 3%. – Chris Byrne, Gartner Security and Risk Summit, 2012
I’ll admit there is no way most people will be able to convince their organizations to dedicate 5-12% of their total staff to security. Most organizations have a hard time getting IT staff at 5% of their total staff! However, because of what happened and how Snowden was able to gain access to the information he leaked, it will change the minds of those who previously thought security wasn’t a big deal. Recent Gartner numbers on security spend expect global growth to $86 billion by 2016, focusing on three areas: mobile security, big data and advanced targeted attacks. I’m sure Gartner already is, and is going to be, working on different security approaches given this incident.
Theresa also found this quote, which I found interesting:
Research cited in the CSIS report suggested many executives refuse to meet with IT security staff, fearing that by knowing the vulnerabilities in their systems, they’ll be held liable for breaches. – O.Canada.com, Jordan Press, December 28, 2012
Some food for thought, but I can definitely see where that train of thought comes from. In this day and age you can’t be an ostrich…scary!