"The best thing we can do to help law enforcement is to not make it so easy -- kind of like not locking your front door and expecting law enforcement to come and help you. Most companies aren't locking their front and back doors," he says.
Better education, training and security budgets needed
Ongoing education and training can go a long way toward addressing those issues, and two-factor authentication can certainly be a helpful measure, according to Sander. But CIOs and CISOs routinely struggle with budget restrictions. In an exit poll at the CIO roundtable, participants said that the portion of their IT budget allocated to security ranges from 1 percent to 10 percent.
The 19 CIOs and CISOs who attended that meeting make for an admittedly small sample size, but the concern about tight funding that they expressed is common across the business sector, Sander says. He suggests that CIOs and CISOs can help their cause and elevate security as a business priority by making their case to the board of directors, who can then lean on the executive leadership to allocate more resources to tighten up security within the organization.
But CIOs bear some blame on the security front when it comes to dealing with third-party vendors, Sander argues. If a chain is only as strong as its weakest link, enterprises need to give closer consideration to the firms they partner with and to which they grant access to their systems. The high-profile Target breach, after all, came after hackers infiltrated an HVAC vendor that was contracted by the retail giant.
"My experience is this isn't even on the menu. They don't even look at this," Sander says. "I don't believe the IT industry and CIOs are doing enough when they do this outsourcing."