Unfortunately, IT security professionals have to deal with business managers. This is a problem that will never go away, but there is some good news. They may still be intent of slashing budgets and increasing the productivity of the workforce, but they are less keen about slashing IT department budgets. Many are now suggesting increases in operational budgets to deal with the increased risk of attack.
We are also finally seeing CEOs making the decision to implement good security measures to protect against malicious insiders and hackers. The days of having “good enough” security measures may finally be coming to an end. Attitudes on cybersecurity are changing at last, in no small part due to the cost of not doing so being hammered home. Highly publicized cyberattacks have helped in this regard. So have reports of stock prices tumbling after security breaches are suffered.
It is not only lone hackers that are attempting to break through firewalls and cybersecurity defenses. Groups of incredibly talented hackers are being recruited by nation states and are being put to work on highly sophisticated hacks on U.S. enterprises. With the backing of nation states, the threat level increases considerably. Robust defenses must be implemented to repel the attacks. Any organization that implements minimal cybersecurity defenses may as well place an advertisement in the Washington post inviting hackers to attack.
Cybersecurity attacks have been receiving a lot more press, in no small part due to the huge volume of data that hackers have been able to obtain. Corporate secrets, company accounts, information on personnel, customer data, medical records, Social security numbers, and much more have all been obtained. This information is subsequently sold to the highest bidder or, in some cases, simply posted online for all to see.
The potential damage caused can be catastrophic. Many small to medium sized businesses would not be able to survive such an attack, and even enterprise organizations feel the effect. The threat from these attacks has seen a much needed change in attitudes of the upper management and, while IT departments are not yet given all the money they need, the situation is certainly improving.
A recent survey conducted by ESG research suggests information security situational awareness and strategy is something that business leaders are getting much more involved with, according to 29% of respondents. This is a major improvement year on year. Furthermore, 40% of respondents said that over the past year, the executive management has become “somewhat more engaged” with these matters.
As more mega data breaches are reported in the news, and the true cost of resolving security incidents is calculated, we can expect engagement to increase more. Bigger IT security budgets should also be allocated to improve protection.