The idea of an accountability gap in the
tech and enterprise industries is nothing new. However, thanks to a study
conducted by a team of researchers from Goldsmiths and University of London, we
now know that it truly exists.
The study is called The Accountability Gap:
Cybersecurity & Building a Culture of Responsibility. It reveals the gap
between what corporate-level business managers believe they are prepared for,
and what their companies and networks are actually prepared for when it comes
to cyber and data security.
The reality is that many companies are
vulnerable to outside attacks - even though managers believe they are not - and
there is a serious lack of accountability the higher up the power chain you go.
That is, many corporate-level executives feel they hold no responsibility when
it comes to a cyberattack - it is simply not their fault and out of their
control.
That is not necessarily true. In fact, if
the execs that are actually accountable for keeping companies' data secure and
inaccessible feel they are not responsible, then that company is at a much
higher risk for attack.
How Was This Information Collected?
To conduct the study, researchers surveyed
1,530 high-level executives including those that hold the title of
non-executive director, C-level executive, chief information officer and chief
information security officer. Participants were from a variety of locales
including United States, United Kingdom, Germany, Denmark, Norway, Sweden,
Japan and Finland.
What the researchers found is that 98
percent of business leaders who work for the most vulnerable companies do not
feel it is possible for them to monitor data being transferred to and from
devices on their network at all times. To translate, this means that there are
a variety of unknown devices connecting to their network and tapping into data,
and since they cannot be tracked, it is impossible to know what the users of
these devices are doing. Any one of them could be a significant security risk.
To illustrate how accountability is understood:
of the 90 percent of respondents who fit into the category of medium-to-high
risk in terms of vulnerability, 40 percent admitted they don't feel responsible
for a cyberattack or the fallout that comes with it.
This should be alarming news, especially
considering cyberattacks have been on the rise over the past few years.
Companies like Ashley Madison, Target, Scottrade and even agencies like the
IRS, FBI and CIA all experienced detrimental cyberattacks from an outside
threat.
Company executives need to understand
their responsibility when it comes to protecting internal and customer data.
They also need to be made aware of the current measures for doing so, as well
as the current methods hackers are using to breach a network, so that more
informed decisions can be made.
To make matters worse, about 91 percent of
board members and executive-level decision makers employed at the most
vulnerable companies cannot even interpret a cybersecurity report. They do not understand the security measures and protocols needed to
protect sensitive data from being accessed during a breach, and they most
certainly do not understand the implications of an attack.
If there is one thing this report has made
clear, it is that lowering the overall vulnerability at a company requires
teamwork. All employees, from standard job titles to high-level executives -
including board members - need to be educated on cybersecurity and personal
accountability.
Only then will the gap between how vulnerable
a company truly is and how vulnerable many believe it is be narrowed, if not
closed altogether.
How Can Companies Address This Issue?
The ultimate goal is to move many of these
vulnerable companies to platforms that are more secure. Many believe there are security threats to content
management systems which are not manageable, but that is not true. A lot of
these companies would actually benefit from making a switch to a third-party
platform because in-house development could be cut down, and many security
vulnerabilities could be taken care of, if not removed completely.
While operating from an internal website
or network, you absolutely need a technical and IT resources team to take care
of the maintenance, especially when it comes to cybersecurity. By using third-party
tools, some of that responsibility can be removed from the company and the IT
team.
Adopting such a system does not mean
accountability would be taken away from the appropriate parties. As individual
employees, everyone is responsible for their own form of accountability. That
includes setting secure passwords and codes, protecting sensitive company data
through encryption and much more.
About the Author
Kayla Matthews is a tech-loving blogger who writes and edits ProductivityBytes.com.
Follow her on Twitter
to read all of her latest posts!