IT Management Challenges and Solutions in a Cyber World
Cybersecurity has changed the way companies do business. Over the past ten years, we’ve seen a tremendous shift in the importance placed on cybersecurity best practices throughout organizations. If a company that continues to discount the importance of cybersecurity hasn’t already gone out of business, it will likely succumb to some form of in the not too distant future.
Just how bad is cybercrime?
Cybersecurity Ventures (www.cybersecurityventures.com) predicts that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. To counter this anticipated explosion in cybercrime, companies will need to properly allocate their security budgets in the neighborhood of $1 trillion over five years, according to a 2019 Cybersecurity Market Report published by Cybersecurity Ventures.
How much money should IT management spend and where?
When it comes to cybersecurity, knowing where and when to spend the funds is critical to winning the war on cybercrime. IT managers are accustomed to unencumbered spending to upgrade their networks in the form of new servers, expanding a data center, or adding devices to their networks such as smartphones, laptops, and tablets. But adding cybersecurity into that equation can muddle the outcome. Where is the spending making a difference and when is it being wasted? This is where it is wise to bring in a trusted third party that has expertise in cybersecurity tools and technology and understands your business. All organizations should be able to clearly identify what they are trying to protect. Whether it is the company’s intellectual property, personal information such as customers’ credit cards, or even staffers’ social security numbers, once the company ‘jewels’ are documented and identified, a trusted third party can easily aid in deciding where and when effective spending should be implemented. The internal staff and IT managers often can’t see the forest for the trees and might even have a conflict of interest, as they are in the trenches every day to keep the network up and running. They cannot always discern where the vulnerabilities live and may mistakenly write something critical off as unimportant.
Damage resulting from a cyber data breach
When the dust settles and a company’s IT and management team sit down to assess the aftermath of a data breach, they need to do damage control. If they can’t internally isolate the weak spots that cybercriminals used to gain entry into their network, they will need a third party to step in to avoid repeated exploitations of these weaknesses.
IT managers need to carefully analyze the damage inflicted upon their organization. Going forward, they should make sure that they can clearly identify a potential breach and have the ability to quickly contain it. A probe into business disruption, revenue loss, and even damage to the network should be launched. Many companies focus on the monetary damage post-breach, but there are other intangibles to consider, including a company’s reputation. Businesses spend significant sums of money each year to build and maintain a strong, lasting brand, but a single breach can change this virtually overnight. The sting of a cyber breach cannot be underestimated.
Who is responsible for cybersecurity in an organization?
Most employees and management within an enterprise try to distance themselves from everything and anything that has to do with cybersecurity even before a breach. After a breach, they are quick to point at the IT team who have always been there. After all, the IT team is instrumental in keeping the company networks up and running, but they are not the sole group responsible for defending against cybercriminals. The responsibility to implement cybersecurity best practices falls upon everyone within the organization, from the janitor all the way up to the CEO. After all, cybercriminals are waging war against the company and will exploit anyone at any level, targeting the weakest link. Therefore, it is imperative for organizations to provide regular cybersecurity training to all employees, covering, for instance, password management and identifying phishing email scams. When employees are properly trained and understand what good cyber hygiene entails, they are more likely to reach out and communicate with IT managers when something suspicious surfaces.
As the cyber threat landscape continues to evolve, IT managers need to be on the offensive and anticipate cybercriminals’ next moves. It is essential for IT managers to get the entire organization to buy into their cybersecurity policies and procedures and implement best practices so they all collectively beat back cybercriminals.
By Scott Schober
cybersecurity expert, Pres/CEO of BVS
New Jersey, USA