Ransomware, data breaches or never before seen attacks can have tremendous impact on business operations. With growing executive demand for changes to cybersecurity processes and awareness comes inherent challenges to an organization. So how difficult is moving cyber initiatives forward?
We’ll explore the challenges around change management, shadow IT, technical debt, data enablement and IoT.
Information technology is hard. It’s even harder when you are trying to change the behaviors of people who don’t fully understand why change has to be made. On top of that, people don’t like it when you tell them how to use their phones. They don’t like changing their everyday lives for the sake of IT.
Some of the big reasons people don’t want to go along with the new security initiatives is a lack of understanding, conflicting initiatives or change fatigue.
Most organizations and employees aren’t equipped to manage and succeed in changing environments. Change fatigue being one thing most companies are feeling more recently, because of the emergence of the digital revolution. With IT spend increasing every year, every employee is impacted by the new purchases and new changes.
More often Directors and CISOs are focused on implementing the best security practices with the least impact to business operations. That’s where governance can ensure security strategies are aligned with business objectives and consistent with regulations.
Shadow IT buying is nothing new to IT teams but the reality is, it’s becoming more frequent. It refers to applications and infrastructure that are managed and utilized without the knowledge of the enterprise’s IT department.
How does procurement keep up with people’s expectations when people are used to Amazon-like services, next day delivery or instant access to servers? They can’t and until buying processes change for teams or new processes are put into place, people won’t stop.
Directors and managers do not and should not blame engineers that want to continue progress on their projects and certainly, don’t want to slow them down. One recommendation is to build a system to document concerns, dictate actions with governance controls and keep a running tab of the current status of devices.
What is technical debt? It’s a concept in software development that reflects the implied cost of additional rework caused by choosing an easy solution now instead of using a better approach that would take longer.
How do teams keep up with new attacks given an inability to manage antiquated platforms and budgetary constraints? First practical step is to understand what instances are mission critical, which are in use and which are dormant.
Another appropriate step to take is recording the state of devices on an ongoing basis. When it’s time to communicate the risk of dealing with antiquated technology and reasoning for budget to improve systems, an accurate record of instances can be shown.
Deciding where and when to improve infrastructure is a risk conversation, where business continuity and operational risks are discussed with the CIO and the board.
There is so much to be said about IoT security and access to data… There hardly remains a room that doesn’t have some gadget connected to the internet, and while manufacturers work hard to keep up with security, the sprawl of potential vulnerable devices is simply overwhelming.
Here are some things to consider when developing an IoT security strategy:
To learn more about how ThirdPartyTrust can help you manage third-party risk, request your free trial now:
|cookielawinfo-checkbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checkbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|