I'm shocked that Target and JPMC did not have a Chief Information Security Officer on staff during their breaches. I do not believe that these individuals would have prevented a breach altogether, but at least there would have been a previously appointed individual to take control of the situation, with an existing rapport with executives, to take the necessary incident response actions. Many of our VISO clients' executives, and even board members, have a relationship with our appointed VISO Garland Heart staffers. We preach to our executives that it isn't IF you get breached, but WHEN. The goal is to minimize exposure in a breach scenario as well as to respond properly.
A CISO would optimally see an attack coming from different avenues and either enhance controls or put together more defined incident response strategies. For example, in the Sony compromise, it was obvious that the entertainment sector was gaining more attention from malicious entities. I'd like to think a CISO would have been empowered to employ additional resources around securing these breached assets, especially when we consider the amount of lost revenue Sony is expecting.
Of course, a CISO isn't just responsible for their own enterprise's security anymore. Target learned the hard way that networks can be breached through the most obscure of vendors. So CISOs need to implement vendor management programs, training, and especially incident response and business continuity plans. The Sony breach resulted not only in lost revenue from entertainment assets being leaked, but also in a denial-of-service attack that left users without service for at least a couple of days. We'd love to hear your thoughts; feel free to contact us online with questions about anticipating attacks.