What Cybersecurity Gets Wrong

– Richard Pallardy
In addition to the shortage of manpower, a 2021 report compiled by the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG) notes that 57% of the 500 professionals they surveyed believed that a skills shortage was negatively impacting their organization.
So, not only are there not enough workers to manage necessary tasks, but the workers that are available do not offer the full breadth of necessary skills.
Recruiting replacements and expanding staff presents a number of hurdles in and of itself: the ISSA/ESG report notes that their survey group was concerned about a lack of competitive compensation and about incompetent human resources departments unable to locate suitable candidates.

“Once you find one, the truth of the matter is they’re jumping off to startups to make the big time instead of hanging around in corporations.”
Lack of Communication Between Leadership Teams
As the authors of a recent article in the Harvard Business Review suggest, there is an additional disconnect: between the CISO and the board. This, says Jones, is often the result of “an executive team who doesn’t take cybersecurity seriously and views IT security spending as a project cost, rather than as an investment in brand protection.”
“Cybersecurity never gets the investment it deserves, because it doesn’t generate revenue,” Williams adds. “We’ve seen executives or board members at big Fortune 500 companies practice very bad cyber hygiene,” Williams confides. Organizations should avoid “reliance on disparate, cobbled-together cybersecurity solutions that don’t provide comprehensive protection against cyber-attackers and malicious insiders,” Jones advises. But no matter how good you think you are, tomorrow, you’re not that good anymore.”
The Cybersecurity & Infrastructure Security Agency (CISA) has begun cataloging a set of particularly bad practices to avoid, including the use of end-of-life software, default passwords, and single-factor authentication.
Zulfikar Ramzan, Aura
“Employers need to do more than just mandate an annual cybersecurity awareness program and prepare employees to identify and react appropriately to increasingly sophisticated cyber threats — in their personal lives and at work, as remote work and shared devices blur these lines and create more opportunities for hackers and fraudsters to take advantage,” Ramzan exhorts. “End-users should complete cybersecurity training at least quarterly, with a focus on gamifying the process to make it more fun and interesting,” Jones adds.
Link: https://www.informationweek.com/security-and-risk-strategy/what-cybersecurity-gets-wrong