By now we all know that our businesses are under an almost constant set of attacks from outside because of the importance of information technology. Some of the attackers are simply children who are just fooling around with computers and trying to see how far they can get. However, other attackers might be organized criminals or even state-sponsored hacking teams. As the person with the CIO job, it is your responsibility to protect your business from these attacks no matter where they come from. Is it time to go outside the company for help?
We’re from the government and we’re here to help
This story gets started with the US government proposing legislation designed to encourage the sharing of cyber threat information between the government and private sector firms. On the surface, this seems like a great idea. In order for a company to ensure that it does not get surprised by hackers slipping through the back door, it first needs to fully understand what the risk is. You would think that if the government spoke to everyone, then they would be able to make sure that everyone knew what kind of threats they were facing.
One of the biggest questions that this new legislation brings up is simply “who goes first?” Both government and business have information on a multitude of different cyber threats. However, it is not clear who is going to open up and start sharing first. CIOs believe that it is the responsibility of the government to be proactive and start the sharing.
What the government is proposing is that companies share cyber threat information with the government’s Department of Homeland Security. This organization would then share the information it had gathered with two other government and private sector information organizations.
Why CIOs may be careful about helping the government
While the idea of sharing cyber threat information with the government seems like a good idea, CIOs are right to be cautious. Right now, CIOs generally do not share much information on this topic. Instead, they are a little shy and hold back.
The reasons why the person in the CIO position may not want to share cyber threat information with the government are many. One is that sharing this information could put their company out of regulatory compliance. Yes, they want to share information, but not if it is going to damage the company. In addition, there is concern that sharing information will result in the information being shared with their competition. Finally, if the company reveals that it has been attacked, there is always the possibility that it will open itself up to some kind of retaliatory attack.
There is another reason that some CIOs may be hesitant to share cyber threat information with the government. CIOs are not convinced that the information that the government has to share with them will be valuable in helping them to improve their company’s security. An additional challenge that would be created for CIOs if they decided to exchange information with the government is that they would need to scrub the data they shared. All personal customer information would have to be removed. This is an added expense, and yet another way that companies can have unintended information leakage.
What all this means for you
Unfortunately, along with the CIO position comes the responsibility for keeping the business safe from all those who are interested in doing it electronic damage. You cannot be sure how many people are trying to break into your network or what level of sophistication they have.
Instead, what you need to consider is going outside to get some help. The US government recently stated that they want CIOs to be more open in sharing information about attacks on their networks with them. The idea has some merit for CIOs, but it also comes with a set of risks. CIOs are going to have to decide whether sharing such information could harm the company’s reputation or cause it to be deemed out of compliance.
When we try to deal with the complex nature of the increasingly sophisticated attacks that are launched against our networks, we need to have as much information available to us as possible. The US government wants our information so that they can help other companies. CIOs should participate in this program, though they are going to have to very carefully plan what information they are going to share and when.