Having an account compromised is both infuriating and terrifying. Someone reaching into your personal information and using it for their own monetary gain is a personal violation most people would rather avoid. Big cyber-attacks on large corporations like Target, Home Depot, and even JP Morgan Chase make many consumers wonder not only if their information can ever really be safe, but also who is really to blame for not ensuring the safety of their accounts. Many people are quick to blame the attackers, some blame IT departments, but it is possible the finger should point much higher than previously believed.
Part of the problem with cyber-security lies in the fact that CEOs and CAOs either are not educated in cyber-crime or do not take the initiative to train their staff. According to Dan Verton writing for Computerworld, the US Secret Service tested IT preparedness on the Stanford University campus. During this test, 180 senior-level executives from the private sector were tested on their knowledge of internet security. While the details of the test were not released, the test did show these executives were relying on government entities, such as the Department of Homeland Security, to implement cyber-security rather than working towards building knowledge and security within their own corporations. This lack of local response leaves a chasm in prevention that cyber attackers rely on.
Eugene Spafford from Purdue University was interviewed in an article entitled “A New Path to Better Cyber-security” in which he agrees the response to cyber-attacks needs to be local as well as global. According to Spafford, there should be a local “extension office” that offers advice and training to help identify and combat these cyber-attacks. Because the IT department often does not have the power to offer training to all employees, it only makes sense for those higher up the chain of command to step forward to do so. With training programs readily available, this should not be a huge dilemma for corporations.
Programs offered by such sites as EC-Council.org offer training in the tools hackers use, to help prevent these mass attacks. With cyber-crime on the rise, and since the Global Economic Survey in 2012 showed private sector corporations are exceedingly at risk from their own employees as well as from outside entities, local prevention implemented at the highest level of power within a corporation seems key. Who better to protect both consumers and the corporation than its own leaders?
Only putting the blame on the criminals will not prevent crime. There has to be more accountability at the executive level to understand, train, and prevent cyber-attacks. Expecting IT departments to bear this burden alone will not work. Government entities cannot always keep up with the growing demand for internet protection. It is time corporate executives took accountability for educating themselves and their staff, and for protecting their customers from these vicious attacks. Just as you lock your home to prevent theft rather than only blaming the thief, CEOs and CAOs must also work on prevention instead of blame.