"The first step is for banks to admit there is a problem before they can address it, and many bankers are still in denial," says Shirley Inscoe, author of the book "Insidious: How Trusted Employees Steal Millions and Why It's So Hard for Banks to Stop Them."
Social media, mobility and cloud computing are new areas of risk for organizations, and risk managers need to go back to the fundamentals of understanding the information they are protecting, says Robert Stroud, ISACA's international vice president.
Since becoming Vermont's first CISO three years ago, Kris Rowley's been on a quest to create an IT security culture in state government. Rowley's latest initiative, bringing risk assessment in-house, is helping build that culture.
Now that the FFIEC Authentication Guidance update has been issued, there is no more important task for banking institutions than to conduct their risk assessments, says Matthew Speare of M&T Bank Corp.
By leveraging infrastructure that exists, a DoD-DHS-private sector cyber pilot suggests the nation can provide substantial additional protections across its critical infrastructure for only a fractional increase in cost.
"Our role is changing in the fact that we see fraud being perpetrated in a new manner everyday via malicious software, banking Trojans and online theft," says Jean-FranÃ§ois Legault, senior manager of forensics and dispute services at Deloitte.
Eddie Schwartz didn't shy away from the offer to become RSA's first chief security officer after the security firm experienced a sophisticated advanced-persistent-threat breach. Instead, Schwartz embraced the hack as the reason to take the job. (See RSA to Get Its First Chief Security Officer.)