Fixing the communications breakdown between IT security and the board and c-suite

In the months before an unexpected crisis, IT security requests specific tools, training, and additional staff to keep enterprise data safe, but does not substantiate the need in terms the business can understand. The c-suite denies the requests, pointing to the investments they have already made in security technologies. Suddenly, hackers strike with a massive cyber attack.

Suffering financial losses and brand damage, the c-suite asks IT security what happened. Security responds that they need specific tools, training, and staff to mitigate these concerns. But again, security does not make a business case in language the c-suite can appreciate. The leadership turns to existing vendors, who sell them their latest security products.

Armed with products that do not address all the specific vulnerabilities the company has, the c-suite returns to other matters. Months later the enterprise falls prey to similar attacks. A cyber security communications breakdown has kept the enterprise moving through this same cycle for years. The answers to breaking out of that rut lie in fixing those communications.

Finally, IT security experiences an absence of threat intelligence and security operations capabilities that leaves its teams handicapped when fighting the company’s security battles. The spend on expensive security tools such as Next-Gen Firewalls remains high while the investment in relatively inexpensive security staff training is underwhelming.

“New security tools may be expensive,” says Earl Crane, Ph.D., CISSP and Co-Founder of Emergent Network Defense, “but they are useless unless you train the staff. The organization must have the maturity to use the tools.”
