Boards need to pay the cost

In our organisations, we need to take a strong lead in many areas. The first is awareness. I remember a commercial where a smirking executive tells an IT engineer that he just opened an email attachment – like he was told not to. We know that sort of thing happens somewhere in our organisations.

Second is policy. It amazes me how many organisations still don't have a competent security policy. There is no way that we can secure the network without some roadmaps. These are our policies.

Finally, there are tools. If organisations lack strong awareness at all levels and appropriate policies from which to derive such things as access control and need-to-know versus need-to-share, security tools won't help much.

Unfortunately, the cost is increasing. It's high if we implement the three security areas and even higher if we don't. That cost goes beyond the security budget. In the US, it could be heavy personal fines for the boss or even prison.

As it happens, awareness and policy are minimal costs. Our challenge is getting that point across. We often get lip service without real support, and see the "tick-in-the-box" syndrome where the organisation undergoes the minimum preparation for an audit.

The idea is that if all the audit checklist boxes are ticked off, there's no upstream liability, as when someone is hired just long enough to produce the Sarbanes-Oxley documentation a company needs, which I have seen happen. This is so short-sighted. What happens if the worst occurs and shoddy security results in a huge, expensive data loss? It's all part of the cost and we must pay it. And that message needs to be delivered to the boardroom.

Copyright © SC Magazine, US edition