Cyber Security Must Become a Company-wide Concern.
Cybersecurity threats today represent a major challenge for company executives, many of whom admit to knowledge gaps about the real dangers and solutions.
A widespread lack of knowledge about potential technology threats is one of the shortcomings of modern C-level business executives, according to two recent Nominet studies. Too many business leaders, well over half of the 400 responses from company executives in the U.S. and U.K., show a surprising lack of understanding about current threats.
Nick Allo, a technology leader with one of the top IT companies in Orlando shares insights into how organizations can reduce risk and eliminate employee stress when it comes to cybersecurity challenges.
Expectations vs Realities
Threats extend far beyond simple data breaches. They are of universal concern, but there is widespread acceptance that such breaches will occur. Of greater concern today are malware, ransomware, phishing and crypto mining.
Gaps in understanding concerning those threats pose significant problems, particularly for those corporate IT executives charged to identify and deal with technology threats. High stress and underfunding of IT departments are all too common.
Burnout and significant employee turnover continue to plague corporate efforts to address existing problems. Inadequate funding exacerbates an already serious situation, and, unfortunately, it has become a growing, global problem.
There is also little common agreement about just who, in the corporate environment, should ultimately be responsible for cybersecurity. In firms that have a Chief Information Security Officer (CISO), a whopping 90 per cent of those charged with the responsibility believe that they lack at least one major resource to defend against an attack. Nearly 60 per cent would like more advanced technology.
A Company-wide Focus
Cybersecurity threats are so widespread and so varied that concern about cybersecurity should extend beyond the IT department. But that is too often not the case. The disconnect seems to be that it is as much a “people issue” as it is a technology issue, and that lack of understanding represents a major vulnerability.
Even though no one disputes the need, there is little agreement about how to address the shortcomings. More than half of the network security specialists say they feel their board understands that a breach is inevitable, but they also fear for their jobs in case of a breach.
Among company CISOs, the stress is all too evident: fewer than one-third stay in the position for three years or more; one quarter say that the stress has affected personal relationships and health, and almost 20 per cent admit to counteracting job stress with alcohol or by self-medicating.
More Money, or More People?
It’s simply a fact that the proliferation of technology, and the growing variety of devices, will only increase the threat.
Most IT security specialists would welcome additional funding. But most security departments would also be more efficient and more able to detect threats if there were more people. Seventy per cent of firms say that a security specialist on the management team would be beneficial; only six per cent say they have one.
But, according to those who have taken a long, hard look at the problem, staffing and funding alone will not make the difference. What they say is called for is a fundamental change in priorities and the recognition that cybersecurity must be addressed by all levels in the company structure, and given priority status from the boardroom to the rank and file. It’s not a job for only one person or one department.