This article is more than 1 year old
One surefire way to get the boss's attention on network security is to get hacked. But there must be a better way?
And there is – check out our latest survey findings
Reader survey With anyone who can work from home actually doing so during the pandemic, networking – and therefore network security – has become more business-critical than it was before.
Yet when Freeform Dynamics surveyed Register readers for their experiences with network security, it was frustrating to see so many say that the one sure way to persuade management to take it seriously was to suffer a major computer security breach.
Fortunately, differences appeared when we dug deeper. And when we asked practitioners to rate their organisation’s performance on network security, alongside other factors, such as what limited, challenged, or helped them in their work, we uncovered some rather interesting correlations.
A few looked a little unsurprising at first, such as the discovery that those who performed best on network security – our top performers – were also less likely to be working with outdated tech, inadequate budgets, and insufficient staff. Yet simply seeing it in black and white was illuminating: properly resourcing your net-sec function, and positioning it as an enabler rather than a blocker, drives measurably better results.
Other conclusions both confirmed anecdotal wisdom, and clearly correlated it with poorer network security. For example, yes, there are managers and directors who refuse or evade the net-sec responsibility that is rightfully theirs – and probably legally theirs, too – and yes, net-sec practitioners are often denied the authority they need and the respect they deserve.
Again, all of this behavior correlates with success, or lack thereof – for instance, the mainstream respondents were almost three times more likely than the top performers to say that those responsible for day-to-day security often lack the necessary enforcement authority, at 46 per cent versus 16 per cent.
By now you might be wondering where’s the good news, or is it all doom and gloom? Fortunately, although there was no obvious blueprint for success, we did see clear indications of the kind of things that characterize those organisations that do net-sec well.
In particular, some strong threads emerged as we compared our more and less successful groups of respondents, and as we looked through feedback on what had, and hadn’t, worked in the past in terms of getting net-sec the attention it needed. Many of the problems ultimately linked back to the levels of engagement – or rather, disengagement – with the business and the people running and working for it.
To find out more, including ideas on how to identify and improve those problems, you can download the full report, Network security in the spotlight, right here.