On average, enterprises risk losing nearly $4 million in the event they suffer a data breach. Yet despite the high risks of the cybersecurity game, C-suite executives continue to clash with their enterprise’s IT professionals.
Such disagreements can’t continue if enterprises are to face hackers on even footing. As the cybersecurity paradigm shifts from a focus on prevention to a focus on detection, enterprises face hard choices on which network areas and databases require the most visibility and monitoring from their SIEM or security analytics solutions.
Attempting to maintain constant vigilance over the entire network will stretch the solution—and the security team—thin. Further, everyone from IT professional to C-suite executive is at risk from the fallout of a data breach. Without developing some common ground, the clash between C-suite executives and IT professionals creates security holes or neglected areas hackers love to exploit.
From where is the disagreement between C-suite executives and IT professionals coming? And what can be done to mitigate the problem?
A Matter of Confidence
Security analytics solution provider Varonis recently surveyed 300 C-suite executives and IT security professionals across the U.S. and Europe. The results are shocking—namely because the IT professionals are far more optimistic than the executives.
96% of the surveyed security experts express confidence that their security policies and procedures match the risks their enterprise faces. Only 73% of the C-suite executives feel the same. 91% of IT professionals believe their cybersecurity stance is improving. Only 69% of C-suite executives feel the same.
These discrepancies raise the question of who in the enterprise is truly in the best position to determine the digital risks their business is likely to face: those looking with a bird’s eye view or those in the trenches. Additionally, the disagreement asks who can determine if the enterprise is succeeding in cybersecurity…and what success looks like.
Of course, the answers to these hypothetical questions will be individual to your enterprise.
What Should Be Prioritized?
Top-level executives and IT security experts agree: data loss and data theft stand as the top digital threats confronting their enterprises. However, they disagree about the significance and danger of other threats. 30% of IT security pros believe ransomware is a top concern. By contrast, 32% of executives cite data alteration as a high-priority issue.
Security teams also tend to display more anxiety about their enterprise’s financial data, whereas executives worry far more about their employee data. Both are lucrative targets. This isn’t an idle disagreement—security analytics and SIEM function best when they have prioritized network areas and databases to monitor. But where should (or can) they monitor if the enterprise can’t reach consensus?
What is the Frequency?
Perhaps one of the most dangerous discoveries of the Varonis survey is that 94% of IT professionals believe their C-suite executives heed their advice concerning cybersecurity. However, only 76% of C-suite executives say they take their security team’s recommendations to heart.
A disagreement is one thing, but not listening to the experts you have on hand is asking for hackers to take advantage of your enterprise’s digital weaknesses.
Calming the Clash in Your Enterprise
If such a clash between your C-suite executives and IT professionals exists in your enterprise, it’s high time to bring that conflict to an end. Here are some recommendations on how:
- Select a SIEM or security analytics solution that best fits your enterprise’s needs such as threat detection, monitoring, network visibility, etc. This will help relieve some of the pressure and anxiety inherent in the argument.
- Bring your C-suite and IT professionals to the table to discuss their concerns, questions, and priorities. Determine if they can reach a consensus about the risk your enterprise faces or if they may need moderation to reach an agreement.
- If you have not already, have a CISO on your board so they can advise and direct cybersecurity efforts and foster communication.
- Have an incident response plan in place so your IT security staff and your C-suite executives know exactly what to do in case of a breach. This will also help foster better channels of communication between your C-suite and your security team.
Ultimately, cybersecurity is a business approach as much as it is a technological solution. And like your business’ mission, you need to have a common understanding among all of your employees and executives for it to work. Best start building that understanding now.
Latest posts by Ben Canner