Are You Inviting Cybersecurity Attacks?
Negative thinking and stereotypical behaviours will expose vulnerabilities.
Continually investing in the latest security products does not guarantee protection from cyber-attacks, and nor does an attitude of complacency and a belief that it won’t happen to you - or if it does, it won’t be serious.
A balance is needed in all aspects of security, from the technical to the human. Whilst you may think you’re achieving this, there could be clear signals that you’re in fact inviting an attack rather than protecting against one.
Stereotypical departmental behaviours and cultural issues between IT, non-IT executives, and Finance leave many organisations exposed to cybersecurity attacks.
The risk of cyberattacks can be significantly reduced by addressing these leading causes of vulnerability within the organisation:
Pennywise - Pound Foolish
Systems and finance decisions made every day with the best intentions of the company in mind could be very short-sighted. Deciding to keep systems running when attention or patching is needed, or continuing with old hardware and software to sweat the asset and save budget, are common mistakes. Innocent day-to-day decisions like these can go unnoticed and increase the likelihood of an incident.
Action: Recognise the exposure that certain IT decisions create. Accept and discuss system risks as part of IT planning and security governance.
Bean Counter vs Space Cadet – a Cultural Disconnect
Business development and strategy executives are focused on growing the business and hitting targets - and it’s always an urgent matter. Security is someone else’s issue, and it isn’t always considered in business decisions. New applications that are urgently required tend to override security readiness objections and concerns.
Action: Cybersecurity has a huge business impact. A serious breach damages reputation and could bring the business down. It should always be a part of expansionist business decisions.
Throwing Money at the Problem
There’s no direct correlation between high levels of security spending and seamless protection. Buying the latest point products without a thought to operational matters and how they will work together is simply wasting valuable resource and budget - whilst exposing the organisation to even greater risk.
Action: Research and create an integrated security solution that works across the human and technological landscape, in line with complementary business investment decisions.
Security says No
If IT security managers see perfect defence as the nirvana, it can create a culture of No – we can’t do that, it’s not secure. If they wield too much power, and are allowed to forget that they’re part of a business, they could block the development or release of a critical application due to security worries without considering the business outcomes and consequences.
Action: Ensure IT and security are seen as critical to business success - balancing the need to protect with the need to run and grow a business.
If outcomes from every decision are highlighted, with blame attributed and scapegoats made, then people will hide from anything remotely risky. Positive accountability should mean that decision outcomes, good or bad, are understood and supported, rather than disciplining someone if something has gone wrong. The acceptance of risk (or not) within defined parameters should be part of decision-making culture.
Action: Support and acknowledge decisions that balance the reasonable need to protect with the need to run the business.
Dinosaur Leaders only want Good News
Some boards and senior executives won’t accept anything resembling the realistic or pessimistic, and they simply don’t want to hear or acknowledge that security isn’t perfect. Board reviews and presentations are too often dressed up and filled with good news about security progress, with minimal discussion about gaps or areas for improvement. Dinosaur management and ruling with a rod of iron are not conducive to a collaborative security strategy.
Action: Board, IT and non-IT executives must be open to talking about, and understanding, the realities, limitations, and challenges of cyber security.
Enlightened business leadership understands and appreciates the complexities and risks posed by cyber security threats and engenders a collaborative, proactive approach in developing strategies to mitigate them.
Ensuring that all staff are properly trained in security best practice, and that systems are regularly monitored and updated to prevent intrusions, is essential. Facing up to the challenges of cyber security is crucial for businesses to remain competitive and secure in the digital age.