Page Loader Logo
Loading...
833-847-3280
Schedule a Call
Partner With Us

Cyber Security and IT: Separate Them

Small and mid-size companies frequently ask how to organize their cyber security assets and responsibilities to best protect their companies. This is more a question of function than of form, and it requires companies to challenge some assumptions about their IT departments as well as the perceptions of cyber security reports.
The immediate action taken by most corporate management teams is to make cyber security the responsibility of the IT shop. It seems a natural fit to place a highly technical and complex function under the direction of the IT Director or CIO.

But the real reason for this decision is that most corporate management teams have a minimal understanding of cyber security, nor dedicate the time it takes to learn it. This is a poorly designed organizational structure that can impede the flow of critical information to the C Suite due to conflictive responsibilities.

There are two key perceptions that need to be addressed. One, a report on cyber security gaps and vulnerabilities (not to mention a breach) is seen by the C-Suite as a damning display of improper planning and a larger threat to the existence of their business. Two, the same report on the cyber security status of an IT architecture is deemed pejorative by Senior IT personnel and seen as a threat to their position due to the exposure of cyber security gaps. This leads to dilution, or even non-disclosure, of key cyber security findings to the C Suite.

Both these perceptions are weak, yet extraordinarily ingrained in corporate management. The C-Suite should understand that most, if not all, IT systems that are connected to the internet are going to have some vulnerabilities and gaps due to flaws in software and applications, not just architecture. They also need to understand that there is a good possibility that they will be, or are, breached, and they need to better prepare to respond to that breach. In most cases, this is not the fault of IT management. Rather, an analysis of their system such as a vulnerability scan or a penetration test offers a chance for the IT director to open the discussion with the C-Suite on the appropriate measures, to include budget, technology, managed services, training etc, required to better prepare the company for a breach response. They should not “white wash” or minimize the results of a report or scan.

The solution: corporate C-Suites should become educated on cyber security threats and shift focus from defense to now identification and response in reaction to a breach. They should not have the unreasonable expectation that technology and training can protect themselves 100% — staff should be required to prepare both a disaster response and crisis response plan. Finally, separate cyber security and IT, placing cyber security either under another C-Suite position due to its criticality or have it report to security where the conflict between reporting cyber security issues and their impact on the IT department does not impede the flow of critical information. These steps will go far in ensuring that cyber security remains a priority and does its job in keeping the C-Suite informed.

Latest Posts

A transparent image used for creating empty spaces in columns
Welcome to today’s briefing on a crucial topic in the realm of cybersecurity: internal network penetration testing. Now, I know that the term might sound a bit intimidating but fear not. By the end of this discussion, you’ll have a solid understanding of what it…
A transparent image used for creating empty spaces in columns
 In the world of cybersecurity, there’s a misconception that a clean pen testing report means something was missed or the test wasn’t thorough enough. But here’s the truth: receiving a clean report from your penetration test is not only a positive outcome—it’s a testament…
A transparent image used for creating empty spaces in columns
Hey there, folks! Let’s get one thing straight: when MainNerve talks about penetration testing, we’re diving deep into the world of cybersecurity. But hey, we know what people think when we say “penetration testing.” So, buckle up because we’re about to compare pen testing to…
A transparent image used for creating empty spaces in columns
 In the fast-paced world of managed IT services, we know that time is money. Your clients rely on you to keep their systems secure, and you need partners who can deliver top-notch services without slowing you down. If you’re a Managed Service Provider (MSP)…
A transparent image used for creating empty spaces in columns
The primary purpose of performing a penetration test is to simulate real-world attacks on a computer system, network, or application. This is done by skilled cybersecurity professionals, who are tasked with identifying vulnerabilities and weaknesses that malicious actors could exploit. Their role is crucial in…
A transparent image used for creating empty spaces in columns
 If your business relies on older technology, you’ll want to listen up. We’re highlighting a critical weakness in many organizations’ defenses: legacy systems. What Are Legacy Systems? Legacy systems are outdated technologies that are no longer supported with updates or patches from their creators.…
contact

Our Team

Name(Required)
This field is for validation purposes and should be left unchanged.
quick links to

Our Services

On Load
Where? .serviceMM
What? Mega Menu: Services
201 E Pikes Peak Ave Suite 2025
Colorado Springs, CO 80903