Where's the CISOs? - missing from more than a third of Fortune 500
An astonishing 38 percent of the 2019 Fortune 500 do not have a chief information security officer (CISO), according to a damning new report.
Of this 38 percent only 16 percent (30/190) have another executive that is listed as responsible for cybersecurity strategy, such as a vice president of security. Only four per cent of the 62 percent majority that do indeed have CISOs actually list the role on their company leadership pages.
A separate report by Brian Krebs found the situation even worse on a global basis with just five percent of the top 100 companies having a CISO.
In addition, the Bitglass report found that 77 percent of the Fortune 500 do not mention on their websites who is responsible for security strategy, and 52 percent do not have any language relating to customer or partner data protection.
"Corporate social responsibility initiatives have made it onto the websites of the Fortune 500, but research has shown that the same level of importance is not being given to publicly demonstrating commitment to cybersecurity initiatives," said Anurag Kahol, chief technology officer of Bitglass. "Lax security and its resulting breaches have long-term repercussions for organisations as well as their customers, shareholders, partners, and other stakeholders. Members of the Fortune 500 should be focused just as much on protecting personal data and consumer privacy as they are on other areas of social responsibility."
The report from Bitglass, ‘Cloudfathers Fortune 500 Cybersecurity Report’ scanned the websites of Fortune 500 companies for key cyber-security phrases, job titles and security mission statements.
Levels of engagement with security practices varied widely by industry vertical, with aerospace, finance and technology firms considerably outpacing peers in the hospitality, construction and oil and gas industries.
The transportation industry segment of the Fortune 500 sees the vast majority (57 percent) of its companies listing an executive as responsible for cyber-security strategy, while aerospace industry (33 percent) and the insurance industry (30 percent) rank second and third. A massive 89 percent of organisations in the aerospace industry provide detail about data protection for their customers and partners, followed by finance (72 percent) and technology (66 percent).
However, none of the Fortune 500 hospitality companies listed a cyber-security strategy executive at all, and this poor performance was echoed in the manufacturing and telecommunications industries, which managed a mere eight per cent and nine per cent respectively. Construction, oil and gas, and hospitality industries all managed to provide details about how they protect customer and partner data - in 25 percent of cases.
Although Europe-wide regulations such as GDPR require enterprises that process large volumes of customer data to internally nominate a Data Protection Officer (DPO), there is no stipulation that they should be publicly visible.
In an Opinion article by Sean Duca, regional chief security officer for Asia Pacific, Palo Alto Networks, to be published by SC Media UK later this month, Duca comments: "If a company isn’t able to see cyber-security as a strategic business investment, it will not involve the people responsible for cyber-security as part of the strategic team. Equally, if those at the forefront of cyber-security are not part of the executive team, the organisation won’t have the knowledge or commitment to treat cyber-security as a strategic investment."
Industry: Cyber Security
- Network Security Engineer
- €550 a day
German- based contract opportunity This is an onsite based position, we would need the Network Security engineer to be able to work on the client site 5 days a week Seeking an experienced Network Security Engineer for a leading technology company. Strong expertise in firewall/IPS solutions, proxy solutions, and certificate management is required. Good hands-on experience in networking and web-related technologies necessary. Strong problem-solving skills and the ability to work under pressure are essential. we are looking for a Network Security Engineer with the following experience: · Expertise in Administration, Management & Troubleshooting of Firewall / IPS solutions / Proxy solutions/Certificate Management Solutions · Good Hands-on Experience on security devices (PaloAlto/ /McAfee Proxy/CISCO ISE/Certificate Management) · Good Hands-on Experience in Networking with skills of switching, routing & wireless Technologies · Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocol · Configuration of NAT / PAT, firewall policies, profiling, objects, AD-Integration, backup – restore · Knowledge of Subnetting TCP/IP Communication, VLSM Configuration of VLAN VTP · Configuration of Routing Protocols e.g. RIPv1 & v2, OSPF, EIGRP, BGP Knowledge of standard and extended ACL 12 month contract
- IAM Consultant
- Upto £110,000 depending on level of position
Identity Access Management (IAM) Consultant Location: Germany We are seeking an experienced IAM consultants in Germany. we are looking for people from consultant through to Architect, The ideal candidate will have previous IAM deployment experience and be fluent in German. Key responsibilities: Design and implement IAM solutions for clients Provide expertise on industry best practices and standards Troubleshoot and resolve IAM-related issues Work closely with clients to understand their business requirements and provide solutions to meet those needs Qualifications: Previous deployment experience with IAM solutions Fluency in German Strong understanding of IAM technologies and principles Excellent communication and project management skills If you are an experienced IAM consultant with a strong track record of delivering successful projects, please apply today.
- ForgeRock Consultant
- Upto €85000 plus benefits
ForgeRock deployment consultant is needed for this expanding IT Services business within Spain, to act as their ForgeRock technical lead, Responsibilities include: High level and low level design, Scoping the techical needs of the project design, configure, develop and test the forgeRock deployment. We are looking for a strong IAM consultant ideally with ForgeRock experience, Must have strong Oauth 2.0, SAML and API experience
- IAM Consultant
- Upto €85000 plus benefits
An Identity & Access Management Consultant is needed for an expanding IT Security consultancy, based in France. (Remote role with monthly office meet-ups) The Identity & Access Management Consultant will be responsible for the technical design and implementation of Identity & Access Management/IAM products for a wide variety of clients. Deliver bespoke end-to-end consultancy service to our clients, from gathering requirements through to implementation. Work in a close team designing, developing, and implementing first-class IAM solutions. Manage client relationships, working closely with key stakeholders to continually evaluate business requirements and ensure the highest quality solution delivery. If you are interested we are looking for an individual with Previous experience working within the IAM or CIAM field is essential, Strong knowledge with SAML and Oauth and ideally OpenID Previous experience from any of these technologies: One Identity, SailPoint, Saviynt, Ubisecure, Ping Identity, would be advantageous