It's probably both a good and bad thing that outbreaks like the Mydoom virus really don't worry top IT professionals anymore. Bad, because these things are happening so often now nobody's surprised. But that's also part of the Good, because IT pros are quickly learning how to protect their installations against such attacks, deploying defenses ahead of time and educating users on how to help keep client devices up to date.
What does keep IT types awake at night (besides having to present budget reports to the board of directors) is wondering what the next big bad thing is going to be. Whenever it hits, according to some top CIOs at the Comnet show in Washington, enterprises are likely to be more on their own than not, since anti-virus and anti-spam software and hardware isn't as robust as they'd like it to be.
Bob Gayley, chief information officer at Amtrak, told an audience here Tuesday that relying on security software firms is increasingly less of an option. "The time you have to react [to attacks] has gone down massively," Gayley said. "It's minutes now, not hours. And the virus protection firms need 13 hours [to craft a response]."
Both Gayley and David Swartz, CIO for information systems and services for The George Washington University, said they'd like to see more power in security applications and in connectivity services, rather than having to do all the heavy lifting in-house.
"The things we do manually [with security software], have to be automatic," Swartz said. "Those capabilities don't exist today. The programs should [be able to] auto-isolate, and quarantine. That's not working today."
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
