"CEOs (chief executive officer) should understand that data loss, once it becomes public, puts their brand and shareholder equity at risk," said Pat Clawson, CEO and chairman of Lumension Security.
In the recently concluded "CEO Forum on IT Security" event held at the Shangri-La Hotel in Makati City, Clawson told CEO participants that a company's brand could be damaged "irreparably" due to stolen information, and the business could lose customers.
"CEOs must take responsibility for understanding the impact on what data loss has for their business. They need to raise it to a board room issue," Clawson said.
Executives from Lumension, along with local enterprise security solutions company VSSC Distribution Inc., who hosted the breakfast forum on Monday, told Computerworld Philippines that the event is the first of a planned series of CEO forums focused on IT security awareness.
Jun Santos, president of VSSC, said the forum gathered around 40 CEOs belonging to the country's Top 100 corporations, including government.
"The event was well received and we plan to do this twice or thrice a year and we expect it to grow bigger every year," Clawson told Computerworld Philippines. "This is not really about our product. It's more about IT education where people such as CEOs and CIOs (chief information officers) can learn from each other."
Santos and Clawson noted that the forum attracted a mixture of CEOs and some CIOs.
"In many respects, it is IT education for CEOs because CEOs usually don't like to say what they don't know," Clawson revealed. "They find it hard to ask questions within their organizations because it might yield that they don't know something."
Clawson said it is important for CEOs to have "a strong CIO" that they can count on and who would educate them about IT. Yet CEOs, he said, must force themselves to learn.
Clawson revealed traditional security is no longer relevant as most IT security products today were built for problems 10 years ago.
"Information is an enormous risk today. It is a much more fluid world," he said, citing that data can be stolen or lost with the simple use of some of today's mainstream technologies such as Bluetooth, Blackberries and social networking sites like Facebook, the usual stuff that CEOs use.
"These technologies could trigger attacks of polymorphic viruses," Clawson said, referring to an IT virus that changes code whenever it passes to another machine. Experts describe it as a difficult virus to detect if one is only using antivirus scanners.
"This is why CEOs should be aware of IT security because they could be that CEO whose data gets stolen, "Clawson said. "Not only will they lose their job as CEO but also destroy their company's brand along the way."
The Lumension executive revealed that most virus attacks today are "financially motivated," targeting organizations in the government, banking and finance sectors. He quoted a study reporting that worth US$200 billion in revenues were lost in 2007 as a result of stolen information.
Clawson said that in 2007 alone, nearly 5.49 million unique samples of malicious software and codes were found, challenging many organizations' traditional capability to safeguard information from all kinds of threats.
However, in his message to IT bosses, he advised there are three things to consider in dealing with the threats,and these are: manage vulnerabilities, protect data, and recognize that change is inevitable.
Meanwhile, Santos said the CEO forum on IT security is very essential for VSSC being a provider of enterprise security solutions. "It is important for VSSC to share to key industry players the proper way of securing crucial corporate information.Threats are increasingly growing each day and this is also an opportunity to assure these companies that we have a company such as Lumension that will help us protect our companies."