Since 2014, CIOs have flagged cybersecurity as either their first or second most important IT management issue in the venerable IT Trends Study from the Society for Information Management. Yet in 2013, cybersecurity came in just seventh in that same survey. What happened in a year? The infamous Target data breach, which resulted in an $18.5 million fine and the ignominious departure of Target’s CEO.

The cascading series of disastrous, high-profile breaches since then makes the Target breach seem almost quaint. The message is clear: Year over year, the risk of career-ending breaches looms larger as threats continue to balloon in number and potency.

Also in this series:
More targeted, sophisticated and costly: Why ransomware might be your biggest threat (CSO)
5 firewall features IT pros should know about but probably don’t (Network World)
How to bring security into agile development and CI/CD (InfoWorld)
UEM to marry security – finally – after long courtship (Computerworld)
Security vs. innovation: IT's trickiest balancing act (CIO)

Pity the poor CSO in the hot seat. Understandably, some feel compelled to jump on every new threat with a point solution, which plays right into the security software industry’s marketing strategy. But no organization’s cybersecurity budget is infinite. How can CSOs possibly determine how to allocate their defensive resources most effectively?

The simple answer is twofold: Rationally prioritize risk and, at the same time, make the most of the useful defenses you already have in place. Few dispute that unpatched software and social engineering (including phishing) represent the highest risk in most organizations, followed by password cracking and software misconfiguration.
Cut through political and operational barriers to ensuring prompt patching, establish an effective security awareness program, train your ops folks to lock down configurations, and put two-factor authentication in place… and you’ll reduce your overall risk by a magnitude.

Sure, anyone can reel off other big risks and vulnerabilities. If you’re operating an electric utility, for example, you need to understand highly targeted threats to critical infrastructure and how to defend against them. And when malicious hackers do inevitably breach your perimeter, the Zero Trust trend of instituting pervasive authentication among systems shows real promise in stopping attacks from moving laterally through organizations.

Managing risk as a way of life

Malware and hackers have plagued systems since floppy disks. But in recent years, a different sort of threat has arisen: The relentless pressure to innovate. Bob Violino, frequent Contributing Writer to CIO, explores the dirty little secret of our digital transformation era in “Security vs. innovation: IT's trickiest balancing act.” The point of his article is clear: If security or privacy is an afterthought, your transformative initiative will probably fail, potentially in spectacular fashion. Get the security architects in there early, however, and sensible security becomes integral to the successful outcome — and can add to the appeal of resulting applications.

InfoWorld Contributing Editor Isaac Sacolick explores that topic in detail from a software development perspective in “How to bring security into agile development and CI/CD.” As you may have heard, developers have a tendency to feel security is not their problem, instead deferring to security teams that arrive late in the dev process — teams that may be unaware of vulnerabilities in the very business processes an application was built to embody.
An outgrowth of DevOps, DevSecOps makes security a central concern for both developers and operations, not just in avoiding coding flaws, but in automating security testing and monitoring applications for security issues after they go to production.

Integrating security into software is also the theme of “UEM to marry security – finally – after long courtship” by Computerworld Senior Reporter Lucas Mearian. In the past, managing mobile and/or desktop devices — using MDM (mobile device management), EMM (enterprise mobile management), or the latest iteration, UEM (unified endpoint management) — has overlapped with endpoint security management, but remained a separate process. According to Lucas, vendors are now merging the two to “provide a centralized policy engine for managing and securing corporate laptops and mobile devices from a single console.” In some instances, that evolution includes machine learning algorithms that automatically assign security policies to users based on such parameters as geographic location, the type of device being used, and whether the network connection is public or private.

Sometimes, though, new cybersecurity technology arrives with so little fanfare you don’t even know you already own it. In “5 firewall features IT pros should know about but probably don’t,” Network World contributor Zeus Kerravala pops the hood on the modern firewall to recommend powerful features you may not be aware of, from network segmentation to policy optimization to DNS security. Taking advantage of firewall features lying fallow is a kind of no-brainer windfall – and Zeus provides sound, detailed advice on how to make the most of it.

In the end, however, we must all prepare to defend against the biggest, baddest external threat of our time: ransomware.
In “More targeted, sophisticated and costly: Why ransomware might be your biggest threat,” CSO Senior Writer Lucian Constantin alerts us that ransomware has become so stealthy and sophisticated that it rivals the advanced persistent threat in its pernicious subtlety. Moreover, as recent incidents confirm, ransomware attackers have moved on from blackmailing consumers to targeting organizations that promise a much bigger bounty. How big is the problem? The FBI says that while the number of incidents has remained relatively flat, the payouts are higher — but no one truly knows, due to organizations’ reluctance to report successful ransomware extortions.

Cybersecurity can be a dismal science. As threats multiply, and even democratic institutions are subject to attack, it can seem as if not just systems, but civilization itself is under siege. But that backdrop should only convince CSOs and their organizations to double down on developing smart, prioritized security defenses. We hope this collection of articles from CIO, Computerworld, CSO, InfoWorld, and Network World helps you develop and refine your own successful cybersecurity strategy.