According to a recent article in the Wall Street Journal, corporate boards are getting much more involved in cybersecurity. What's driving this behavior? While the Target breach probably influenced this behavior, corporate boards now realize that cybersecurity has become a pervasive risk that could have an adverse impact on all businesses.
As the old infosec adage goes, "people are the weakest link in the cybersecurity chain." Clearly, enterprise security professionals agree with this statement. In a recent ESG research survey, enterprise security professionals were asked to identify the factors most responsible for successful malware attacks. It turns out that 58% point to "a lack of user knowledge about cybersecurity risks" – the most popular answer by far (note: I am an employee of ESG).