Deciding who is accountable for data security within your business is far from clear-cut. Individual errors may have led to the breach, but these may have only been possible as a result of poor security policy, at which point blame often shifts towards the IT team. However, in the wake of a data breach, it is important that businesses do not start throwing accusations around wildly. Determining who is ultimately responsible for company security is not about realising who is to blame, but rather who is in charge of making sure similar mistakes are not repeated.
[easy-tweet tweet=”Recent research by #VMWare found that cyber #security can no longer be left to the IT team alone” user=”VMware”]
Recent research carried out by VMWare, however, has found that cyber defence can no longer be left to the IT team alone. In fact, 29 per cent of IT Decision Makers (ITDMs) and office workers believe that the CEO should be held responsible for a significant data breach. Similarly, when asked who should be most aware of how to respond to a data breach, 38 per cent of office workers and 22 per cent of ITDMs said the board, while 53 per cent of office workers and 40 per cent of ITDMs believed it was the remit of the CEO.
Evidently, the response to cyber attacks is changing and it is important for businesses to understand why. Firstly, organisations are coming to terms with the fact that it is often a case of if, not when, a data breach occurs. 24 per cent of businesses expect a serious cyber attack to hit their organisation in the next 90 days and one look at last year’s headlines will reveal how harmful they can be. Reputational damage as a result of a data breach can be difficult to recover from, as the likes of TalkTalk and Ashley Madison are now discovering. With the frequency and impact of data breaches becoming better understood, it is not surprising that businesses are moving towards a more holistic security policy, one that comes all the way from the C-suite.
“The issue around accountability is symptomatic of the underlying challenge faced as organisations seek to push boundaries, transform and differentiate, as well as secure the business against ever-changing threats”, explained Joe Baguley, CTO, VMware, EMEA. “Today’s most successful organisations can move and respond at speed as well as safeguard their brand and customer trust. With applications and user data on more devices in more locations than ever before, these companies have moved beyond the traditional IT security approach which may not protect the digital businesses of today.”
The need to constantly innovate mentioned above has proven difficult to integrate with existing security measures for some companies. The rise of mobile devices and cloud computing has created far more access points, and hence vulnerabilities, for corporate data, and the expected growth in IoT technologies is only going to exacerbate the issue.
[easy-tweet tweet=”Communication moves data #security from being a blame game to more about collaborative solutions” hashtags=”VMWare”]
Technical solutions, including a software-defined approach to security and encryption on data at rest and in transit, will help, but cultural changes are also in order. IT security must be demystified if businesses are to become better protected and for that to happen, clear and continuous dialogue must take place between the IT team and the board. That way, security becomes less of a blame game and more about collaborative solutions.