Why IT teams must have a bigger seat and budget at the boardroom table
The cyber threat continues to grow and evolve, with the number of attacks increasing year on year. As cunning hackers take advantage of the ongoing pandemic by targeting remote workforces, businesses are forced to contend with this increased security risk and furloughed staff, social distancing restrictions, and a turbulent economic market.
But while in survival mode, cybersecurity can often slip down businesses’ priority lists. The last twelve months have arguably been the most challenging times for businesses of all sizes. Still, efforts invested in keeping the company afloat will be useless if the back door to their network is left open for cybercriminals. To combat this, Andrea Babbs, General Manager VIPRE Security UK and Ireland explains that IT teams must have a bigger seat and budget at the boardroom table while embedding their cybersecurity efforts across all business departments.
Managing Priorities
Cybersecurity must remain a priority for businesses, even in challenging times, despite COVID-19 stretching many organisations’ IT and cybersecurity teams to the maximum. However, managing and surviving throughout the pandemic alone has remained the prime concern, as 84% of businesses and 80% of charities revealed that COVID-19 has made no changes to the importance they place on cybersecurity. That companies still aren’t prioritising cybersecurity despite increased cyber threat level and more sophisticated hacking incidents are surprising.
Most businesses face the main hurdle is revenue loss, meaning they may not have the budget to invest more heavily in cybersecurity. A recent survey supports this, which found that 79% of organisations expect cybersecurity budgets to be impacted in the next six months, if not sooner. Yet, to succeed in the post-COVID-19 era, security must be at the top of the business plan to keep business data safe and maintain business continuity and protect against emerging cyber threats.
Human Error
We’ve all sent an email to the wrong person, but this mistake has the potential to put the whole company at risk. Whether it is sharing the incorrect attachment, or adding the wrong recipient to an email thread, once an employee clicks send, it is often out of the business’ control to know whether this information will end up in the wrong hands without specific DLP rules, policies or tools in place.
With so much communication reliant upon email, human error is the leading cause of data breaches. Humans make mistakes, and with additional pressures from the ongoing pandemic, such as working from home, surrounded by potential distractions, these errors are now even more likely to occur. But this is also due to a lack of awareness, lack of training, and the growing number of cyberattacks, giving IT teams a more prominent seat at the table. A slice of the budget will help increase employee awareness and improve email culture throughout an organisation when mistakes can so easily be made.
Multi-Layered Defence
Many organisations have not yet taken the essential steps to properly integrate cybersecurity into their general operations despite a rising number of cyber-attacks across all businesses, with 88% of UK companies have suffered a breach in the last 12 months. A cybersecurity strategy is most effective when it has multiple layers and is deployed consistently from the beginning, not as a once-a-year tick box review or training exercise. By deploying a multi-layered, security-first and awareness-first defence strategy, including the basic foundations of email, endpoint and web security alongside the emerging necessities of security awareness training, remote working zero-trust network access tools and other user-first solutions, businesses can secure their operations both internally and externally.
Technology plays a crucial role in ensuring business data is kept safe, so educate and alert employees for potential threats in real-time. Implementing innovative solutions that prompt employees to double-check emails before sending them can help reduce the risk of sharing the wrong information with the incorrect individual while enabling users to make more informed decisions and reinforce compliance credentials.
Sharing Responsibility
To create an effective cybersecurity strategy, the ‘us vs. them’ mentality must be shifted. It is not just the IT department’s duty to keep the organisation secure. Instead, this issue must be prioritised in every department across the business – as every end-user and team have something valuable at stake. All employees are responsible for playing a part in keeping business data safe, and they should be actively recruited into this role from the beginning – the stakes are too high for businesses to not take advantage of all available resources and personnel.
Business collaboration plays a vital part in this approach. In addition to educating employees and ingraining ‘cybersecurity first’ as part of the culture, the IT defence strategy must be embedded across all areas of the business, including HR, customer service and finance, for example. The potential consequences of a data breach must be explained, such as the financial repercussions, loss of customers and tarnished business reputation – real, revenue-impacting results. By having a mindful workforce and understanding the responsibilities they have on the front line of defence, companies can ensure that everything they do is underpinned by both user education and a robust and secure IT security infrastructure.
READ MORE:
- Biometric authentication: the good, the bad and the ugly
- You’ve had a breach – how do you successfully roll out an emergency patch?
- How to successfully reopen your office in a post-Covid-19 world
- Common migration pitfalls and how to avoid them
Conclusion
The final decision to click the link, send the sensitive information or download the file lies with the user. But by ensuring that a solid and secure cybersecurity culture is instilled from the top of the business to the bottom, company assets can be kept safe, and the risk of successful cyber attacks can be reduced.
IT teams are the foundation of creating and deploying the right cyber defence strategy. Still, unless they are given a priority seat at the table during these crucial times, the value of their approach might go unheeded. The responsibility of keeping information safe applies to all levels, from CEO to apprentice. However, until a business has the basics right and takes on a ‘security-first approach, the risk remains. Yet, the difference between a trained and an uneducated workforce could mean the difference between an organisation surviving a cyber attack or suffering devastating consequences.
For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!
Follow us on LinkedIn and Twitter
