How management decisions affect cybersecurity

Cybersecurity is as much about processes as it is about technologies. In the first part of our series on why security remains a significant challenge for many organizations, we focused on the risks associated with outdated hardware and software, both of which are especially vulnerable to sophisticated threats. Suboptimal tech is usually not the only problem at breached companies, though.

More specifically, management decisions often produce the disorganized, unsustainable processes that result in costly breaches. A review of the relevant literature published in “WIRES Data Mining & Discovery” revealed that more than 40 percent of data leakage is caused by internal employees, with half of those events being accidental. IBM has gone further, estimating that human error is a contributing factor in virtually all security incidents.

From these numbers, we can gather that company-wide training, awareness and collaboration (or lack thereof) are instrumental to security posture. What can organizations improve, other than their IT solutions planning, for better overall defense?

It starts with management: How poor decision-making affects cybersecurity

Executives frequently struggle with cybersecurity strategy because they are unsure of its return on investment (ROI). It’s a similar mindset to the one that sometimes convinces people to go without insurance, figuring its costs outweigh their actual risks of injury; in regard to cybersecurity in particular, management may err in thinking “We weren’t breached this year, so there’s no need for additional spending.”

Similar mistakes in judgment might include:

  • Conceiving of effective security as something purely reactive, instead of as a mix of reactive and proactive processes supported by automated infrastructures as well as periodic human interventions.
  • Hoping that simple compliance with widely accepted frameworks such as the ones formulated by the National Institute of Standards and Technology (aka NIST) is enough; in reality, such “checkbox security” alone is necessary but not sufficient.
  • Focusing too much on systems instead of processes. No system is going to be impenetrable – what counts is reducing the number of vulnerabilities within it, which can only be done through proven, repeatable risk management assessments.

Overconfidence is common and understandable among management personnel when it comes to cybersecurity. Attack types and probabilities are always shifting, making it difficult to know if, when and/or how a given organization will be breached. Accordingly, decision-makers may perceive little ROI in cybersecurity investment and run the risk of having only minimal or simplistic protections in place.

The stakes are too high for this approach. The Ponemon Institute has pegged the cost of the average data breach at more than $3 million, while Verizon has estimated that one-tenth of breaches in 2016 went undetected for at least a year, meaning it’s possible to think you’re invincible even as your network is being surveilled.

Changing your mindset toward security, from the C-suite on down

Customized IT consulting is a good way to break out of the mindsets that typically impair security-related decisions. By working with a trusted partner to assess, mitigate and manage the specific risks in your organization, you can develop corresponding processes you can continuously return to as your requirements evolve. Employee education and well-established protocols for acceptable workplace apps and data handling practices are just a few examples of what such processes might entail.

Cybersecurity is better thought of as a journey than a destination. Threats that once seemed so pressing – e.g., homepage hijackers in Microsoft Internet Explorer, malware distributed via floppy disk or CD-ROM, etc. – have been replaced by newer ones such as denial-of-service attacks, strong encryption ransomware and malicious mobile apps. This is why continually updated infrastructure and sustainable processes to go with it are so important.
