The IT security threat landscape has changed dramatically in recent years with attacks becoming more organised and targeted, especially in the enterprise space. CEOs can no longer just palm the problem off to the technical people in their organisations; they have to take responsibility for IT security within their businesses, according to Microsoft Australia CTO James Kavanagh.
James Kavanagh at Ignite 2015
Speaking at a roundtable at Microsoft Ignite 2015, he talked about how security is a top concern for Australian organisations and how that has changed the role of CEOs.
"Even just two to four years ago, people considered cybersecurity as a technical issue, but now it's really a CEO-level issue," Kavanagh said. "It can't really be delegated down to the technical people. All across Australia you're seeing that. The language and discussion of risk, governance and awareness of security has elevated to the board-level."
He noted that the C-suite level conversations around security may not necessarily be technical but at least it is being discussed. But the question now for CEOs is how can they make good choices in order to combat the growing security threats. To do so, they need to strike a balance between locking down their IT environments and promoting innovation, Kavanagh said.
This was an issue that Microsoft corporate vice-president Brad Anderson also addressed during his keynote at Ignite 2015.
"We need to balance empowerment with security and protection – as IT professionals it’s what we do every day,” he said. "We have responsibilities to users and the corporation in terms of security, reliability and protection.
"As an industry, we’ve been doing it wrong and hiding behind security to justify delivering a bad user experience."
Spandas Lui travelled to Ignite 2015 as a guest of Microsoft