What is one thing you wish the business would understand about cybersecurity?
We posed that question as a final and open-ended question on a recent survey of security professionals. We received more than 40 written answers, which thematically, tended to boil down to three basic lines of thinking.
Security professionals want the business to understand:
- They exist to protect the business;
- They need budget and resources to do the job adequately; and
- Security is dynamic and evolves rapidly; so, things can and do change.
Below is a list of responses as presented. We’ve edited only where necessary for spelling, grammar and clarity, and without changing the meaning.
40+ Cybersecurity Professionals in Their Own Words
1) “There is a difference between perceived risk and actual risk.”
2) “Inherent security is more important than a ‘shiny box’. Get the basics done first and measure for return on investment (ROI).”
3) “Budget is necessary to keep equipment up to date and hire qualified cybersecurity professionals.”
4) “Times have changed and while cybersecurity can be expensive; it can be even more expensive and detrimental if a data breach occurs. Cybersecurity should NOT be an afterthought but actually be part of day-to-day policy and planning; end users training should be continuous.”
5) “Pay now or pay much more later.”
6) “We need more human resources.”
7) “Invest more time in understanding what it takes to secure a network.”
8) “The pace of change in security is fast.”
9) “How much damage one human being can accidentally do through negligence.”
10) “A mistake or malicious user can invalidate any process and any tool.”
11) “Security professionals are here to help.”
12) “How easy it is to be breached.”
13) “That everyone is vulnerable.”
14) “Security doesn’t directly generate revenue, but it certainly helps maintain existing revenue. Give us more human resources!”
>> Also see this related post: How is the Relationship between DevOps and Cybersecurity?
15) “Is a continuous process that must encompass every operating, development and planning activity within an institution.”
16) “You can’t buy a tool and expect all security problems will be solved. Cybersecurity is fluid and requires repeat training for everyone in the organization – alongside constant purchasing, upgrading, reevaluating of security solutions, as well as training so that the specialists reside in-house – and keeps us from being at the mercy of the vendor.”
17) “More serious, this is.” [Citing Yoda, are we?]
18) “That DevOps needs to communicate more clearly and ask security for help, DevOps should not be making security decisions.”
19) “Stop using Google Docs!” [from a government security pro to government network users]
20) “Every system can be hacked.”
21) “Cybersecurity is always changing.”
22) “Cybersecurity is important, and it needs more funding and support.”
23) “We are willing and able to check anything they think is questionable.”
24) “Just how complex cybersecurity is.”
25) “Proactive is a variably scaled term: What you get in results, will rarely be outdone by what you give; but what you get, can, and almost always does, out-weigh what you give.”
26) “It’s easier and has a lower total cost of ownership (TCO) if security is done correctly up front than it is to try to fix problems after something has been built or deployed.”
27) “We’re in it to protect the business, not hinder the business.”
28) “It takes human resources to do the job accurately.”
29) “They need to put money towards it because security is integral to business operations.”
30) “It is complex and does not scale easily; this requires budget and full-time employees (FTEs).”
>> Also see this related post: 3 Reasons Why the Integration of Cybersecurity Tools is a Growing Imperative
31) “Security provides value to the business.”
32) “Security is constantly evolving.”
33) “It’s real.”
34) “It’s complex.”
35) “It takes money to protect the enterprise and the IT department requires an adequate budget to implement security programs.”
36) “There are many different facets to security and a single person cannot be expected to be an expert on each one.”
37) “Include us earlier in the planning cycle.”
38) “A better understanding of the resources required in order to achieve a rapid response could be improved.”
39) “Threats are evolving quickly, and business must be able to implement and change and security controls accordingly. Also, security culture is extremely important since people are the weakest link in the security chain.”
40) “There’s a cost for not protecting the business.”
41) “Cybersecurity is a strategic investment.”
42) “Business needs to understand the security implications of the trends towards the software define perimeter (SDP), bring your own device (BYOD), and securely managing multi-cloud complexity.”
43) “It is everyone’s business and responsibility.”
* * *
A summary of the study can be found here – Amid AI and Machine Learning, the Human Touch Remains Crucial to Cybersecurity in 2019, New Network Security Survey Finds.
In addition, a copy of the full report is freely available on SlideShare: The Top Challenges in Network Security for 2019.
If you enjoyed this post, you might also like:
The Top 10 Network Security Challenges in 2019