


FEBRUARY 11, 2005
VIEWPOINT
By Bill Hancock

Cybersecurity: It's Dollars and Sense
Few CEOs grasp the case for investing in safeguards against hackers, worms, and the like. It's every chief information officer's duty to banish that innocence.


No one really wants to spend money on cybersecurity. Not only is it technically impossible to completely secure cyberspace, but the technology is complicated, the vocabulary arcane, and the expertise to make it happen hard to find -- and even harder to apply. Worse yet, most managers never learned how to calculate the value of -- and communicate the business case for -- cybersecurity.


Yes, I realize that overall spending on cybersecurity continues to increase every year. Yet every executive I know is kicking and screaming about its cost along the entire way.

45,000 OPEN DOORS.  The sad reality is that every computer network has cybersecurity exposures. This is due in large part to the fact that most software and computer systems focus on function, not security. Security is bolted to computer systems using things like firewalls and intrusion-detection systems. Additionally, the communications methods used to deliver data are over 30 years old, coming from a time when security was less of an issue.

Compounding the problem, as software has become more sophisticated, the code used to write it has grown significantly. Conventional wisdom says you can expect to find about one bug for every 1,000 lines of software code -- and every bug is an opening for hackers. The 45 million-line operating system that runs your computer may have 45,000 ways to be breached by a hacker. These hackers are smart, and most have much more time to spend attacking you than a typical system administrator can spend defending against them.

Attacks are also becoming increasingly automated, which compounds the problem. Computer worms and other autonomous, malicious programs can attack and infiltrate these complex environments in a relentless, methodical fashion.

EASY AS ABC.  Most senior executives are aware of these cybersecurity issues. The problem is that these issues rarely turn into funded information-technology projects when evaluated against other business priorities. Sure, every survey of chief information officers says cybersecurity is one of the very top issues for a company. Yet in most executive suites, cybersecurity is considered necessary to stay in business, but not to make the business bigger. So what if a PC gets hammered by a worm? It won't kill the business, and the expense to clean it up will be minimal.

There's a way to deal with this dilemma. Chief information officers need to translate the IT priority of cybersecurity into a business priority that the CEO can't ignore. The basic framework I've used to build the business case for cybersecurity I call the ABC's of Security Management:

Asset protection: Most businesses recognize that they must protect their physical and intellectual assets. For example, they can't let someone steal their patents. The same kind of rigor that is applied to valuing, protecting, and insuring traditional assets needs to be applied to cyberassets. If someone steals your customer- or product-development database, you could be put out of business.

Brand protection: Every CEO is concerned about the outfit's brand. CEOs can increase the perceived value of the company through the equity they build in their brands. What if your company is hit by a hacker and all the credit-card data from the e-commerce Web site is compromised? What happens to the value of the brand -- and to your stock price?

Compliance: Probably the strongest justification for investing in cybersecurity is that you don't have a choice: It's the law. Actually, it's lots of laws. Sarbanes-Oxley (SOX), Gramm-Leach-Bliley (GLB), the Health Insurance Portability & Accountability Act (HIPAA), and the USA Patriot Act all have provisions that require securing IT applications, data, and infrastructure.

SHINING EXAMPLES.  Once you've used the ABC's to make cybersecurity a business priority, what next? While there is no cookbook for cybersecurity, there are some best practices I've seen at leading companies.

Hire outside experts: The best approach is to integrate your internal IT expertise about applications, data, and business processes with outside expertise on how to identify and protect against cyberthreats. In most cases, you can save money by engaging these cybersecurity experts on a short-term basis to do periodic assessments, audits, and updates of your security systems and procedures.

Evaluate your IT suppliers: Ensure that the IT solutions you buy -- just like corporate networks, applications, servers, and storage -- follow the best practices for cybersecurity and can be included in your "chain of trust" to comply with government regulations.

Take one step at a time: You can't solve all your cybersecurity problems at once. Build a list of your cybersecurity vulnerabilities and prioritize the items based on business value. Focus on the high-value items that keep the business running and allow it to grow.

Cybersecurity is a journey, not a destination -- you'll never be completely done. The important thing is to keep moving forward, continuously improve, and focus on the details many think aren't so important.



Bill Hancock is Chief Security Officer of SAVVIS Communications and is chairman of the FCC's Network Reliability & Interoperability Council Homeland Security focus group on cybersecurity.

McGraw-Hill Cos.