The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.
I have been traveling around the world since late 2013 speaking at conferences on Point-to-Point Encryption (P2PE). It has taken me to places like Bangkok, Singapore, Sau Paulo, Vancouver, Banff, Barcelona and London. Early on, I would get a lot of blank stares and nods but little interest or interaction from the audience. At that time, it seemed that the general response was that security was just something that merchants had to do for compliance. The risks were largely unknown. After a few card data breaches from major merchants like Target, Home Depot and UPS, merchants started to take notice as the risks of getting it wrong took center stage. There were about 1,600 breaches last year, that’s an average of 30 per week. And, those are only the reported breaches. A “breach” only hits the press when the hacker does something wrong and gets found out. And, this is bad news for the hacker because once their Malware is found, the holes are shortly plugged and the flow of card data stops. The ultimate goal for hackers is to hide in the weeds of unsuspecting and unprotected merchant systems and silently exfiltrate valuable card data over as long a period of time as they can.
Michael Reaves/Getty Images
And then there were 48.