The Pink Elephant in the Room: How IT Ignores Blatant Security Issues, Even in the Era of the Data Breach
What would happen if you completely ignored your car maintenance or home maintenance? What if you bought a car and drove it for years with no oil changes, no tire balancing and rotation, and never adding necessary fluids? Or bought a home, but never changed the air filters, cleaned the gutters, or fixed little things that broke over time? Likely, you would be homeless and walking before too many years. The same is true with IT security. You might get by for a while, but eventually the lack of attention will bite you—probably very hard.
Why do managers and executives continually overlook, ignore, or outright refuse to address vital security issues, even in the era of the sophisticated hackers and cyber terrorism? There are a number of reasons. Let’s take a look.
Business Executives are Focused on Business Risks, Not IT Risks
Most companies are captained by business managers with MBA degrees and solid resumes filled with business successes. What they lack is an understanding of how their IT risks relate to those business interests. Managers need to learn the dollars and sense behind IT security. The average data breach costs $214 per record compromised, with the average business taking a hit of about $7.2 million. If your IT department is having trouble convincing management that IT security is a real business risk, they may change their thinking.
Business Executives are Jaded to the Cyber Security Threat
IT can sometimes become like the boy who cried wolf. After countless dire warnings that the IT department will come to a screeching halt without investments in new hardware, more bandwidth, improved databases, and other expenditures, they become immune to these cries and simply tune out the begging and pleading for more and better IT security. Overcoming this obstacle is twofold: first, learn when it is and isn’t appropriate to claim that the sky is falling. Second, bring real statistics to the bargaining table to back up your horror stories of data breaches and cyber terrorism.
Business Executives Like the Status Quo
This is an easy one to fall into. If it isn’t broken, after all, why on earth fix it? Most executives are neck-deep in fighting real battles that they can see, hear, and understand. They are immersed in making decisions on new product lines, potential mergers and acquisitions, real estate investments, and other tangible issues. Cyber security seems, in comparison, to be less real. Since the computers and software seem to work when everyone gets to work in the mornings, why bother fixing anything?
Business Executives Don’t Understand Tech Speak
If your IT team approaches the C-suite rattling off terms like, “access control” and “advanced persistent attacks” and “botnets”, they’ve likely tuned you out before you finished the sentence. Ax the tech speak from your communications with and please to upper management. Put the risks in terms they can understand. Once they understand and are aware of the need for additional security products and services, they are far more likely to sign on the dotted line.
Every good IT security plan begins with a smart storage solution. Learn more about us at Bigstep today.