Bridging the Gap Between IT Security and Business Key to Changing Executive Mindsets

It's long been recognized that one of the biggest obstacles for change is overcoming mindsets and the old way of doing things. People are just accustomed to doing things a certain way. A technology company is finding out just how much that applies, even when it comes to something as important as securing IT environments.

According to the article, “Managerial mindset often the biggest threat to IT security,” executive lack for change particularly when it comes to IT security often poses the biggest threat to securing their environments. Marthinus Engelbrecht, CEO of NEWORDER Industries, said a general lack of understanding how IT impacts business profits may be the biggest stumbling block.

"It would seem logical that management in any business would understand that building a secure organisation is important to business continuity, long-term success and sustainability. Unfortunately, in many organisations, IT security is still seen as an IT issue and not a business one."

As executives stall on taking proactive measures in investing in security technology to protect their customers and confidential business assets, they could potentially face impending repercussions of online fraud and data breaches. Some of the ways cyber crimes can impact companies that wait too long to implement effective anti-fraud tools include:

Damage to corporate reputation: We've all read the headlines and know the immediate impact a data breach can have on a business. But along with the potential problems customers can experience after their data has been compromised is the long-term damage to a company's reputation. The challenges of changing public perception and re-establishing trust following a data breach include retaining existing customers and obtaining new ones.

Lack of legislation compliance: We all know the importance of compliance in today's fraud landscape. Authentication regulations like the FFIEC are not only a way the federal government says organizations can better protect their customers and IT networks, but not complying with security standards can leave a company susceptible to litigation and fines.

Keeping up with emerging attack vectors: Just because a company has deployed a new security solution doesn't mean it's protected from all threats. With customers now connecting to corporate networks through their PCs and mobile devices, new threats are emerging from different customer platforms. Without ongoing education and re-evaluating existing security strategies, hackers will remain one step ahead of companies' fraud defenses and security policies.

Engelbrecht hit the nail in the head when he said that a bare minimum approach to fraud and theft is not good enough. IT security must be elevated to a higher business priority and it starts by educating executives about how IT and operations effect the bottom line. It's only when management truly understands the financial impact fraud can have on an organization that business executives will start to think differently and begin taking proactive steps to protect their IT environments against new and emerging cyber crimes.


Published By: www.iovation.com
Published Date: December 2012