What are the biggest issues within IT that weaken cybersecurity efforts?

CEO in Software, 11 - 50 employees
In almost every organization I've been a part of, even large ones, the biggest problem is that we still treat security as if it’s not one project but 17 separate projects to do different things for the organization. And there's no validation of the risk/reward ratio necessarily, for each one of them—there's no correlation of overall value independently and no attempting to tie them all together into some measurable metric. They are just independent activities that a company deploys as they are comfortable or as they have someone with the skill or the willingness to spend money on something to deploy. That’s very different from the way a company like Google, Microsoft or Intel looks at its overall security.
CISO in Software, 51 - 200 employees

It's the new IT.

CIO Strategic Advisor in Services (non-Government), 2 - 10 employees

It's not the new IT, though. It's the old IT in a new age and a new year.

CIO Strategic Advisor in Services (non-Government), 2 - 10 employees
I was on this call with a group of CIOs and we were talking about strategic risk for an organization, a board level conversation. The conversation quickly devolved to technology solutions. I said, "Hold on a second, we need to talk about the different types of risk to understand the value to each: financial, reputational and legal. Value may not be the right place but value has a positive and a negative to it that equates to decisions you make." But the conversation immediately devolved within one step to, "Let's talk about technology solutions for cybersecurity."

And I'm like, "It's bigger than that." They talked about the same tools and processes that always come up: training and putting a good firewall in place. We've done this for 10-15 years and we don't have a better outcome—why aren't we stepping back and saying, "How do we do this differently to get a different outcome?" And I see a huge gap between the CISO and CIO, and the CEO and the board, in how they're looking at the organization.
CIO in Telecommunication, 1,001 - 5,000 employees
A company's ability to invest in their cybersecurity portfolio is limited. Any company's IT cost is about 2.5-3.5% of the revenue. With that, you are to maintain everything. Cybersecurity gets an allocation but at best it will be 1/3; it is still a small amount. With that budget, it's not practical to get the best of breed in terms of all the security products that are available out there. So, you need to prioritize according to the best that you can do, given the limited resources given to you.
AVP- IT Operations, Self-employed
Security starts and ends with U, and today the main issue is that U is missing.
CIO in Education, 1,001 - 5,000 employees
Agree with other comments here; this is largely a people problem.