Is 'Cyber' Misleading?
Mar 6, 2014 7:15am
By John Glowacki
Coming through the holidays, most people should have heard of the revelations about the intrusions and theft of customer data at Target Corp. and Neiman Marcus Group. The investigations continue and more facts and hypotheses are being revealed. Stepping back from the details, one wonders about the progress being made (or not) by America's businesses.
One dilemma may lie in the way "cyber" is used as an umbrella term for a vast set of threats. When people discuss cybersecurity, it is generally in the context of national security, privacy, the financial community, and perhaps the utility industry. It's reasonable to think that retailers are more concerned with physical theft in stores, and that they see the cyber threat primarily as one against their core financial systems in the data center. I have no doubt the IT and security specialists at the violated companies had concerns about threats to the point-of-sale systems, but was this taken as a potential risk in the risk management processes of company management and the Board? The point here is not to point fingers at the victims du jour. When questioned, most people would not have put retailers as a top risk for cyber theft -- after all, they are retailers, not in the financial or utility industries.
While we cannot expect all business leaders and company boards to be experts in cybersecurity, there is an obvious need for each of us to raise our awareness relative to what we manage.
A good tip for approaching the problem is probably to forget the name "cyber." This is not just a threat to your IT systems; it is a threat to your business, potentially enabled by your IT systems. Sometimes a change in perspective is all that is needed to get things going.