This is the third part of the series “Three Fundamental Security Myths in Cyber Security Domain and Reasons for Being Vulnerable”.
This is another dangerous myth if an organization's executives believe it.
Computers are exhausting, so let IT handle everything, right? This, again, could be a foolish way to look at cybersecurity. Some businesses lack the capital to hire skilled workers. And even with a decent IT team, those workers are limited in what they can handle. If you expect your IT team to manage every single tech-related problem, from resetting logins to managing the network infrastructure and handling potential intrusions, you are asking for trouble. Every employee ought to be acquainted with sensible cybersecurity practices.
IT staff shouldn’t be making risk decisions that will affect the success or failure of a company. That’s the role of the executives. A study found that 55% of individuals stated that their organization had a “security incident or data breach due to a malicious or negligent employee”.
There is no doubt that cybersecurity comes mostly from implementing appropriate information-technology-based controls to safeguard information held within a company.
Therefore, IT is responsible for implementing and recommending security controls. However, the ultimate decision on whether risks ought to be mitigated or accepted should rest with the executives who understand the strategic objectives of the business.
Most organizations are not in the business of security. Security is simply an enabler for the business to operate within acceptable levels of risk. How much risk a company ought to take cannot be determined by IT, as they simply do not have this level of understanding of the organization. It’s for executives to set the level of risk tolerance.
For example, it might make good business sense to launch a product so that it reaches the market in time, and to forgo some of the protection. An IT person wouldn’t be able to make this kind of decision.
Security isn’t absolute. Its job is to inform the business and defend it to the appropriate level. Some organizations have to run with high levels of cyber risk to be viable as a business.
The risks from cyber-attacks are not a technical problem. The recent attacks on TalkTalk, Sony, Target, and others have resulted in serious financial damage being done to the companies themselves, so the matter is now a boardroom issue that should be managed at that level, like any other risk to the business.
References

Experian, “Managing Insider Risk,” 2016. [Online]. Available: http://www.experian.com/data-breach/2016-ponemon-insider-risk.html?WT.srch=2016_insider_risk_pr