“If IT leadership doesn’t care about security, people are going to focus their efforts where they think leadership wants more focus, time and efforts.” – Charles Platt, The Art of Email Security.
For any business to succeed in today’s realities, it must have a strong online presence, which could help its brand grow and attract new customers.
Pretty much everyone has online access. It’s a land of free entry that can take you from one place to another in a matter of seconds. But the exposure you have on the Internet has a flip side. A threat can come at an unexpected time and from an unexpected direction. It’s the responsibility of IT leadership to identify real-time cyber threats, monitor firewalls, explore possible system vulnerabilities and database entry points, and so much more.
All that while keeping the security team in the clear about critical situations! It seems like a tough job that demands remarkable leadership qualities.
But is security taken as seriously in the business sector as it should be? Not necessarily.
One does not climb too high without a safety harness, right? Unfortunately, the reality is different.
No doubt about it, you don’t ever break out from obscurity without rolling the dice. But doing that when you already have an empire behind your back is a different story.
Taking uncalculated risks while wishing to stay successful for as long as possible is what they call a pipe dream in today’s reality. Smaller companies are so-called ‘low-hanging fruit’, while massive corporations are attacked more often because of their stature.
Every company needs security-focused IT leadership, but not all of them have it, for many reasons.
40% of IT leaders say cybersecurity jobs are the most difficult to fill, making the global mission even tougher to achieve. Understaffed and often under-budgeted IT leaders face the broad task of protecting digital assets, fighting off the challenges brought in by a third party, and minimizing the potential harm from people who work for the company.
Lots of ground to cover, so this is not a ‘one man army’ job.
A leader’s role is reflected in the person’s authority and awareness of the unavoidable risks that await your company online.
A leader helps improve the lives of other people or improve the system they live under. In the IT context, the leader’s goal is to enable business strategy, act as an enabler, use IT to innovate, transform the business, and focus on its capabilities.
It becomes clear that such a person is a crucial member of any team involved online, and having one can only help make your brand more reliable and trustworthy in the eyes of partners. And even while that is an undisputed fact, management often dismisses the importance of such people in their company.
As Will Rogers once said, “Being a hero is about the shortest-lived profession on Earth”.
It applies to CISO positions, as the average tenure in the position is 17 months. Not exactly a dynasty-like career. The margin for error is very slim, and this is not a position where key staff can make any mistakes. IT leadership lives in a different world.
Leaders are responsible not only for their own safety, but for the safety of others too. They need to think not about one or two people, but about dozens, even hundreds and thousands of people who work for them every day, all while keeping business interests first on the priority list.
That’s a lot of work, but here’s a little perspective on how the uphill battle can turn into a more even ground, if not a better strategic position.
When most hackers are targeting your non-technical employees for easier entry with spear phishing emails, it only makes sense to decrease the risk of such an attack and understand why email is key for IT Security.
Yes, hackers compose scam messages that seem like legitimate emails to get the login credentials from your employees, and as practice shows, no training in the world can prepare employees for such attacks. Phishing relies on social engineering tricks, which makes it such an effective weapon - as people, we can’t be in the anti-phishing mode all the time.
In the last year alone, spear-phishing emails were employed by 71% of groups that staged cyberattacks. Email is the easiest attack vector, and it will continue to get the better of companies and their employees. As such, email should be protected with utmost effort and dedication.
How can that be achieved? Dedicated tools help with that, and when it comes to email protection, you may look in StealthMail’s direction.
StealthMail uses a different model of message transfer than regular email, never exposing messages to the public Internet and keeping them encrypted at all times inside your own company. The keys that decrypt the messages are not stored on third-party servers like in most solutions. Instead, they stay with you at all times.
And what if you found out that StealthMail doesn’t hurt the existing IT infrastructure, because it is deployed on a cloud inside your own company? If you are interested in learning more about StealthMail, you’re always welcome to do so at StealthMail.com.
But security solutions alone do not work out all the problems.
For technology to work, it has to be used by people correctly. The three main components of security are people, process, and technology. Let’s talk more about it.
“If you don’t have a corporate strategy, don’t have the understanding of the security, and if you treat it with negligence, and don’t address this within the management team, sooner or later, you will be breached.” - Johan Nordstrom, Art of Email Security.
IT leadership sets an example of how seriously security is taken inside the company.
When newcomers enter the working space, they have to be introduced to the policies and processes correctly, ideally by the top security person in the organization. Because you can’t make a first impression twice, you better show new people how seriously you treat them and what you expect from them in the future.
For this process to be successful, you must ensure the following steps are completed:
People should feel that security is important not only to you but to all the employees too. Educate, educate, educate - that's the only way to get people to respect the policies inside the company.
If you would like to give people more information without acting like a helicopter parent, consider picking up the book “The Art of Email Security” for free. The book features a lot of valuable lessons from top Chief Information Security Officers around the world, but is written in a language that everyone can understand.
And finally, always remember that security is not a state, it’s a process, and it’s the responsibility of IT leadership to enforce it.