Businesses see the benefit of security and understand the threat, but technology remains challenging.
If an executive were to say “I don’t understand technology” they would be saying “I don’t understand the world in which we operate”, according to Protiviti managing director Jonathan Wyatt.
Speaking at a company event in central London, Wyatt said that cyber security is “dominating the risk agenda” as there is a realisation that attackers do not to be creative and that businesses cannot protect everything.
He said: “We find that the risk appetite is often higher than a business realises, but looking at their behaviour it is often higher and there is a disconnect there.
“It is tolerated as it is an inconvenience and the reality is that board executives have accepted information security on their agenda but few understand the risks and simply say ‘we employed a CISO’ and move on to the next question. Too many organisations do not have an idea of what technology to acquire and do not have a clear view of their strategy.”
Wyatt said that often, risks are dealt with by purchasing solutions that protect the entire company but work in a generic way. “You need to do the basics and do it well, but it is about lowering the nuisance factor,” he said.
Asked if he felt that money was wasted on a solutions, Wyatt said that the bigger waste was when it came to deployment as if the same security is put on the meeting room booking system as on the online banking platform, it is a waste of money. “You need some level of control and get some idea of investment,” he said. “It is not about moving tool out, implement them enterprise-wide and it becomes the default across the enterprise.
“Putting data loss prevention technology across 20 people who know something is better than doing it across everyone.”