As technology advances, so do the cybersecurity options that can assist in securing the enterprise. However, these options are tools, and although they provide a solution to the cybersecurity skills gap, they also create a false sense of security that executives are not aware of (due to them not being experts in the areas of cybersecurity and tech). To overcome this problem, there are two areas of focus that can help the CEO and/or the CIO to get a clear idea of what to do.
- The CEO needs to recognize the importance of having and communicating with their IT department; or in the absence of a complete IT department, to have and communicate with an expert professional to consult on cybersecurity matters for their organization.
- The cybersecurity industry as a whole needs to come together and collaborate on ensuring they always provide a clear way to holistic cybersecurity, not just patch solutions; or at the very least, to provide the information necessary for business executives to not to think that one or two cybersecurity tools are all they need to secure their organization from cyber threats.
Let’s explore the first area with the IT department or lack of personnel.
It’s very clear to everyone that the CEO and tech professional butt heads due to the different ways of seeing business growth and productivity. For the CEO it’s about being up and running, while for the IT department it’s about improving and ensuring the tech that is being used and adopted is always up-to-date for smooth operations and the elimination of vulnerabilities.
Without an IT department, the executives can only rely on the tools they have to tell them when it’s time to update something, but there’s no one to ensure it happens when the update becomes available or someone to help if there’s a glitch due to the update itself.
- Any time you update software or technology that you’re using there can be technical difficulties like when Microsoft updated its software for PCs to patch against Spectre vulnerabilities. The first update issued, created a problem that caused PCs to crash or freeze up. The issue was resolved with a second update, but you can only imagine how the experience must have been for a company with no IT department or personnel to turn to for troubleshooting or explaining the issue. Not only does the company find itself at a loss (without the necessary expertise to guide them) in these types of situations; but also, sometimes with this knowledge of tech glitches after updates, patches don’t happen at all within a company that doesn’t have the proper IT expert(s) to help.
Now let’s explore the cybersecurity industry focus area.
When it comes to the cybersecurity industry creating and selling tools and tech solutions to help protect networks, admin logins, passwords, data storage, website security, and other areas businesses need security solutions for; the way the patch cybersecurity solutions are being presented to businesses is what perpetuates insecurity; particularly without the expert guidance present, or without a CIO who will speak up in the face of a limited budget to work with and no room to say otherwise.
- Even though a cybersecurity company may know their tool only solves part of the security needs for phishing or ransomware, for example; they are not going to spell that out to their potential customers (the CEO of a company). If they did, would the company still adopt their tool or tech solution? Maybe yes, maybe no. Either way, it is this practice of what isn’t being said with the adoption of the cybersecurity tool and tech that doesn’t help ensure holistic cybersecurity. This is also one of the reasons there is a divide within the cybersecurity industry.
Cybersecurity experts are all onboard with security tools and tech that bring in automation to help fill the cybersecurity skills gap; but there’s also the knowledge of the essential human component. Some CIOs ensure their company knows about this need, but those companies that don’t have a CIO who will speak up or have no IT expert at all, won’t know about this missing component; some CEOs might even believe there’s no need for the human component and therefore they will stick to patch work cybersecurity solutions.
Worldwide spending on information security products and services will reach more than $124 billion USD in 2019 (Gartner); but there is the need to remember that cybersecurity tools and tech, that automating your cybersecurity, doesn’t mean you don’t need an IT department, an expert security professional at hand or a holistic cybersecurity posture.
If you’re ready to implement cyber resilience with the proper cybersecurity posture, give us a call.
Schedule your free cybersecurity consultation here!
Photo courtesy of Sergey Nivens