Hacking activities mean security risk is everybody's business

The LulzSec hacker group recently announced it was backing off its spree of network break-ins — but only after making off with gigabytes of sensitive documents from large private- and public-sector organizations. Meanwhile, other groups continue on with their hacking activities. Security vendor RSA is still picking itself up from having its token technology hacked earlier this year.

No one, it seems, is immune from security risk these days. But don’t take my word for it.

Howard Stringer, the CEO of Sony, whose PlayStation Network was down for weeks this spring after a breach, recently told Newsweek, “How can I sit here and tell you there will be no further vulnerabilities? We’re dealing with it. Now it’s a known hazard. Everybody is being hacked now.”

Not very encouraging, is it?

Security is no longer the domain of CISOs but also CEOs, who must take responsibility for security risk and how it affects corporate assets, the bottom line and the company’s reputation.

Like the cultures of innovation sponsored by so many of the CIOs whom we have spoken to this year, security risk culture must start at the top. “Dealing with it” just doesn’t cut it anymore.