The news sensationalizes hackers: they are unstoppable, they will get into your company's IT, and they will call you at odd hours just to laugh at your ignorance. But if there's nothing a CIO can do to stop them, why spend so much time thinking about them? This blog post from Dr. Jim Anderson points out the myth of the “super hacker” and breaks down a few common misconceptions about hackers, hacking, and how to stop both. If you can't stop hackers from getting into your systems, for instance, make it hard for them to find their way around once they're in. Making it difficult through the entire process (not just locking the front gate) gives you more of a chance to hamstring hacking attempts:
What a step like this means is that even if a hacker gets inside your company's IT systems, they won't be able to easily get their hands on your valuable customer data. Additionally, rogue employees, a much greater threat than skilled hackers, will also be unable to walk off with your company's crown jewels. It's the responsibility of the CIO to consider likely scenarios like this. Once you've identified something that could happen, you are then obligated to take all of the necessary steps that will be needed in order to protect the company against lawsuits, fines, investigations, and, of course, post-event clean-up activities.
In essence, as a CIO you need to realize that things are going to happen that are outside of your control. But in realizing that, you must also recognize that there are things that are within your control, and part of that is to develop multiple plans for defense, be tenacious in your awareness of potential threats, and minimize damage.