Cybersecurity is a topic that is constantly on the mind of IT professionals throughout the world. With the unbelievable growth of ransomware and system infiltrations over the past decade, IT teams are shellshocked from the hits that just keep coming from all directions. There are common threads that you will see in a variety of different organizations, such as resistance to change by senior leadership. These trends make a tough job that much harder: not only are you attempting to keep your network operational, you also have to protect against the ever-changing threat landscape. Four professionals weigh in to share their insight on cybersecurity — the biggest issues facing businesses today, appropriate staffing and what you need to share with your executive team so they will see the value of investing in cybersecurity.
Common Issues in Cybersecurity
Across the board, our experts agreed that a lack of knowledge of cybersecurity threats at the highest level of the organization was a prevalent threat. When leadership doesn’t fully understand the challenges, it’s difficult to obtain the funding and staffing that are necessary to ensure that your organization’s operations can be successfully maintained. As Greg Motz, President of Motz Technology, shares, “Everyone’s computer is at risk from malware and ransomware, from Mom and Pop businesses to local law enforcement”. Phishing is noted as an extensive threat to organizational security, mostly because employees are not familiar with the red flags that many IT professionals would be on the lookout for in order to avoid infecting business devices. This lack of knowledge on the side of users may not surprise people in a technology support role, but the extent of the threat that they pose might be shocking to leadership.
This Security Threat May Surprise You
You may be wondering, “How likely is it that a cybersecurity event happens in my organization?” It’s more likely than you might realize, and the threat vector may be significantly different than you would expect. A recent study by LastPass, the online security storehouse, showed that 81% of security incidents could be traced to weak or reused passwords. Scott Gallupe of 403Tech agrees, stating that users are “a company’s biggest risk to cybersecurity”. This manifests in a variety of ways, such as poor passwords as found by LastPass, inferior management of user access or users who click on phishing emails that provide cybercriminals with easy access to business systems. Many of these challenges can be ameliorated by aggressive testing and training procedures that encourage individual employees to take responsibility for their actions online and via email.
Does Every Organization Need a Cybersecurity or InfoSec Professional?
In a world of shrinking IT budgets, it can be difficult to pitch a new position for what is essentially a job you hope you’ll never need. It’s crucial that the leadership team for your organization understand the value of the position. This was effectively shared by Greg Motz when he noted that “companies cannot afford to lose two things: money and data”. The damage that can be caused by a cybersecurity incident can be far-reaching, and can ultimately cause the organization to fail. According to Wil Buchanan, President and CEO of PHILANTECH3 Cyber Security, it’s essential that leadership realizes that cybersecurity isn’t simply a concern for enterprises. Businesses of all sizes are falling prey to cyber attacks, and the lack of an InfoSec or cybersecurity professional can make the difference between being able to quickly regain full operations and a company floundering for months as it attempts to regroup after data loss. The traditional IT manager or engineer may not have the specialized skill set required to handle cybersecurity and intensive data management, making this a pivotal hire for any organization.
What Do Business Executives Need to Know About Cybersecurity?
With technology, some problems can be solved once and you can be confident that the solution is holding for some time. Cybersecurity is a continually evolving threat, which makes for more challenging conversations with leadership when it comes to staffing and funding. “It’s not a matter of ‘if’ a cyber attack will happen to them, but a matter of ‘when’, so they need to be proactive and prepared,” according to Adam A. Fadhli, President of Discovery Information Technologies™. Cybersecurity isn’t a “one and done” solution, but one that leaders will need to continue to review and address over time. Several of our panel of experts recommended finding a cybersecurity partner who bases their programs not on fear but on education. While there is no need to exaggerate the impact a breach can have on your organization, it’s much more beneficial to focus on proactive protection and ongoing review as opposed to the gloom and doom of what might happen.
Cybersecurity protection for organizations is a moving target and one that doesn’t have a single “right” answer that can be applied to businesses of all types and sizes. It will require a range of new and emerging talents focused on creating redundancy and resiliency across the organization.
Cybersecurity or infosec professionals will need to reduce duplication of data, tighten password security, put aggressive training measures in place and create a process for ongoing review and adjustment of your procedures to help reduce the possibility of a cyber attack. Engaging leadership early and providing them with statistics and realistic risk measures can help you prioritize the vast volume of work that is involved with maintaining an alert security posture and compliance with all data regulations. Each organization will need to determine the level of risk that they can entertain when faced with the growing cybersecurity threats.
Author – Stuart Crawford, CEO, Ulistic LP