Kaspersky explains the cause of most corporate security incidents
According to a study by Kaspersky, 67% of executives in Saudi Arabia and the UAE admit that a misunderstanding with their company's IT department or technical security team led to at least one digital security incident.
In contrast, 37% of non-IT executives report that collaboration between different work teams has decreased, and 42% of executives say that this situation leads them to question the skills and competencies of their colleagues when communication with their colleagues who work in the field of IT security is unclear.
Kaspersky conducted a global survey of more than 1,300 CEOs to determine the extent to which understanding between executives and information security teams affects the resilience of the organization. On the other hand, a recent Forrester analysis found that organizations spend an average of 37 days and $2.4 million to detect and remediate digital security breaches.
According to the study, almost all non-IT workers (97%) have fallen victim to misconceptions about IT security. In terms of impact, communication issues often lead to significant project delays (63%) and digital security incidents (62%).
Almost a third of the respondents (24% and 29%, respectively) said that they had encountered these problems more than once. Other negative effects included financial loss, loss of key personnel, and deterioration of team relationships, all of which occurred in approximately 60% of study participants.
Ambiguous communication with IT security personnel can not only negatively affect work metrics, but also affect the emotional mood of the team and make executives question the skills and capabilities of IT security personnel. On the other hand, 30% of the executives admitted that the misunderstanding caused them to lose confidence in the integrity of their work procedures, while 32% said that the situation made them nervous and affected their job performance.
Alexey Vovk, Head of Information Security at Kaspersky, took the opportunity to point out that clear communication between company management and the IT security department is a prerequisite for the success of security systems. "The challenge here is to put yourself in other people's shoes in order to anticipate and avoid misunderstanding," he says. On the one hand, this means that CIOs need to understand core business language in order to better explain risks and the need for security. On the other hand, business leaders need to know that information security is an important part of business in the 21st century, and allocating part of the budget to it is an investment in protecting company assets.
In order to make the communication between IT security departments and business departments within the enterprise more transparent, Kaspersky believes that each party needs understanding and knowledge of the other. Therefore, it is recommended that IT security personnel learn more about business terms and basic business concepts through customized training. Non-IT executives, in turn, should put themselves in the place of IT security managers in order to gain knowledge about IT security challenges.
The company believes that neither IT nor other executives should isolate themselves in their own professional information circles; keeping each party informed of what is going on with the other is another key to successful communication and mutual understanding between them.
Digital security professionals should use understandable language when communicating their needs to the board and justifying their need for a digital security budget to take precautions. Resources such as computer security calculators and reports based on expert feedback can make this task easier.
According to Kaspersky, it is also important to determine the financial allocation for investments in digital security tools that are proven effective and provide a return on investment, especially in today's world where digital threats are increasing and organizations need to increase their information security budgets. These tools can reduce false positives, speed up intrusion detection and incident management, and improve other measures for any IT security team.