[BreachExchange] Five Reasons to be Thankful for IT Security

Audrey McNeil audrey at riskbasedsecurity.com
Mon Nov 28 18:44:22 EST 2016


http://www.securityweek.com/five-reasons-be-thankful-it-security

Unlike the political arena, or even other divisions of the technology
industry, when working in IT security, people rarely notice when everything
is done perfectly. When development delivers that great new mobile app that
your customers love, they (deservedly) get plenty of accolades. When
security delivers new policies that keep up with every industry standard
and regulation, there is no cheering. The more likely response is
complaining about the changes that will need to occur in response.

So if you’re a security professional who wants to help upper-level
management understand how much you really contribute to the organization,
and why they should appreciate what are often thankless tasks, read on for
reasons to cheer on IT teams this holiday season.

#1 IT security saves money

This one might be controversial, as many see security expenses more like
insurance – a line item in case something bad happens. But, in today’s
threat environment, it’s not a matter of “if” but “when” a disruptive
attack will occur. Whatever the upfront security costs may be, the total is
probably less than dealing with the effects and recovery of a data breach,
pegged at an average of $4 million by the Ponemon Institute. Poor/no
security would invite repeated disruptive breaches.

#2 IT security retains customers

The same 2016 Ponemon Institute study revealed that “churn” (loss of
customers as a result of a data breach) was highest in the financial,
health and service organizations, and lowest in public sector and education
organizations. Regardless of what industry you’re in, Ponemon reports that,
“The biggest financial consequence to organizations that experienced a data
breach is lost business.” Data breaches have a very real effect on customer
choices. The more competitive the space, the more likely churn is going to
impact customer retention.

#3 IT security improves productivity

While cat videos and social media have been disruptive to the productivity
of many office workers, they are nothing compared to the attention that a
data breach investigation and recovery effort can command from IT teams,
communications teams, and even executive leadership. In a white paper
titled, “Cleaning Up After a Breach Post-Breach Impact: A Cost Compendium,”
the SANS Institute reports, “In almost all cases, repairing damaged
systems, rolling back to a pre-breach state and replacing/repairing the
data were consistently mentioned as high-cost items.” Big breaches are now
front-page news – they will occupy a commensurate amount of valuable time
and disrupt the productivity of those involved.

#4 IT security will help you keep your job

What do the breaches at the Office of Personnel Management (OPM), Target,
and Sony Pictures all have in common? They all cost their CEOs (or director
in the case of OPM) their jobs. Increasingly, responsibility for cyber
security measures doesn’t just stop with the CISO or CIO, but goes all the
way to the top.

#5 IT security is ethical

Regulations require compliance, and boards are interested in effective
demonstration of policies and controls to satisfy auditors. Audit findings
are often a public black eye, and it’s tempting to include compliance here
in the final slot. But beyond compliance, much of the regulation we deal
with as an industry is in place to protect customers, shareholders and
employees. Doing the right things to protect their privacy and intellectual
property from those who would abuse that information for personal or
competitive gain is the ethical thing to do, regardless of whether the
regulations require it or not.

So rather than continue to look at IT security simply as unallocated
overhead or a tax on conducting business, consider how you can thank the
unheralded security professionals in your organization, who, in the best of
circumstances, go unnoticed.