Businesses don’t always realize just how vulnerable they are to risks. This lack of insight isn’t from lack of trying; it’s simply that when you’re not in the cybersecurity industry, it’s only normal to have limited knowledge of it. If this weren’t the case, there wouldn’t be a need for security experts or for companies that help organizations adopt a holistic cybersecurity posture, would there?

 

Something as simple as thinking your business is more secure because you have implemented ‘https’ for your company’s website is one example of a false sense of security. It comes about because CEOs don’t live security day-to-day, and because some security professionals don’t have enough experience in the field to know all the components that make companies vulnerable to intrusion.

 

  • Did you know that 91% of security pros say cybercriminals could take advantage of government-mandated encryption backdoors, but companies are still required to have those backdoors?

 

  • And that in the meantime, 85% of cybersecurity pros say they need more people if they’re going to implement effective security?

 

The shortage of security professionals with enough expertise in the field has yet to be solved, so 70% of security pros are looking to hire experienced professionals, while 30% are so in need that they’re willing to hire inexperienced security professionals and train them.

 

These circumstances aren’t recent or new. The security industry has been talking for many years about the dangers of cyberthreats and the potential solutions for them; the only difference today is that CEOs are hearing about it all too.

 

A contributing factor to this heightened level of CEO awareness regarding security risks is the extensive rise in vulnerabilities, with phishing and ransomware being some of the most recent types of attacks to take over the headlines.

 

  • Between WannaCry and NotPetya, the only thing on everybody’s mind is who’s next and what can be done to stop these attacks from happening.

 

Interestingly enough, though, even with NotPetya estimated to have had a negative impact of €220 million (around $235 million) on first-half sales and of €65 million (around $76 million) on first-half operating income, 68% of security pros don’t feel confident their enterprises have made the necessary improvements to better protect against similar attacks.

 

So, even though a number can be assigned to a cyberattack, rather than limiting the breach to downtime and brand image, and numbers are something CEOs understand too, the number or dollar sign isn’t working either in creating a sense of urgency and communicating just how dangerous a breach is to business. If it were, there wouldn’t be a majority of security pros still wary of their organization’s commitment to cybersecurity. Then again, a recent assessment shows that most of the big online businesses allow terrible passwords; that says something too.

 

At the end of the day, the fact is that CEOs aren’t submerged in cybersecurity: they don’t live it day and night, and the threat doesn’t seem imminent, however much the headlines make it known just how destabilizing a breach can be. For the CIO, sometimes it’s just easier to lie to themselves as they attempt to do everything possible to implement a bulletproof security posture solo.

 

Since we are in the business of cybersecurity, we’re trying more and more to have conversations with both CEOs and CIOs so that they can raise that level of awareness and realize that it’s OK to ask for help. Actually, it’s necessary!

 

Don’t hesitate to reach out with your cybersecurity questions so that you may secure your enterprise.  Give us a call!

 

Photo Courtesy of donskarpo