On Cybersecurity, Execs Are Burying Their Heads In the Sand (bizjournals.com)
An anonymous reader shares a report on BizJournals: Despite increased spending on cybersecurity, most executives are unprepared, even willfully ignorant, of the threats that could damage their businesses. A survey of 1,530 C-level executives across a range of industries found a widespread feeling that cybersecurity is an "IT problem," even as CEOs personally shoulder the consequences for breaches. "The Target breach was one of the more significant ones: Executives can be held accountable," says David Damato, chief security officer at Tanium. "But there's still that disconnect. Executives still struggle with: 'What should I be looking for?'"
Once the executive team figures out that IT security is really important, they tend to fuck it all up with an endless parade of audits and consultants.
Like any parade, it's all for show. These people swoop in, make IT teams fill out questionnaires, conduct interviews, write reports, make recommendations, but nothing real actually gets done. What IT needs are people willing to get their hands dirty and actually help out with these projects. IT winds up having more thrown on their plate without increases in staffing or budget.
Ditch your PricewaterhouseCoopers schmucks and hire someone to actually do the work.
Get off my lawn.
No, but the other persons on the board will just say STFU, we got this and kick him out.
That's because they don't think that they will suffer the "pants down" situation when the shit hits the fan.
And that's why the IT department is held off from the board of directors, and why IT departments are outsourced.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Windows is the problem. Always has been, always will be. They've done nothing to address their broken auth system. Every APT and pentest since the widespread adoption of NT 4.0 has been: Own any one workstation or server on a network, dump the cached credentials or crack the local admin account, dump the domain controller, crack everyone's password, lulz, repeat lulz until satisfied.
Now, why do businesses run Windows? Office. Seriously the only reason. All other software could just as easily have been written for another platform given that it's 3rd party. Office keeps Windows afloat in business.
Why Office? Calendar and Outlook. The rest are just necessary to be a productivity suite. It's the one piece open source has failed to replicate well.