Why Cybersecurity Isn't Only a Tech Problem - 0 views
-
By now, most accept that they need to invest significant cash and resources into cybersecurity capabilities
-
ather than the full C-suite and board.
-
we’re failing at cybersecurity
- ...27 more annotations...
-
This article talks about how companies make the grave mistake of thinking that cybersecurity is merely an issue that should be addressed by an IT team and that no one else is responsible for addressing risks and understanding them. Most C-suite employees don't understand what the risks are, and usually these risks vary from company to company. It is not that you should only consider that you can get hacked, but you should consider and identify what kinds of information can get hacked and why. The article denotes an example of an Asian automobile company that needed to implement a new system to mitigate security risks and in the process, ended up locking up other companies who needed to use their systems to find out about their products. So those companies started to create fake profiles to try and access the information -- all so that they could just do their job. This showed that people are more interested in just getting their job done than understanding cybersecurity and why certain systems are in place. The way of thinking up security systems should be creative and involve all parts of an organization. Departments won't know what their role is until they identify what information is important to them, what their purpose is in the company, and what is valuable to them. By identifying this, they can come up with ways to secure this information and monitor its delivery. Businesses don't look at cybersecurity as a risk of their business just as a shipping company would look at weather risks as a potential threat to their revenue. It is looked at as more of an abstract concept and this stops people from implementing successful strategies to keep their information safe. Cybersecurity shouldn't be viewed as "so impenetrable" that no one would ever understand it. This requires everyone to get involved and understand the implications of cybersecurity on their own work, specifically, and identify who their main adversaries may be.