Laurence Cadieux
Internationally-recognized cybersecurity expert — and keynote speaker at the inaugural Devolution Central Online in 2020! — Nick Espinosa has listed what he calls “The Five Laws of Cybersecurity”:
- Law 1: If There is a Vulnerability, it Will be Exploited
- Law 2: Everything is Vulnerable in Some Way
- Law 3: Humans Trust, Even When They Shouldn’t
- Law 4: With Innovation Comes Opportunity for Exploitation
- Law 5: When in Doubt, See Law 1
The key takeaway of Nick’s message — and warning — is that a strong, compliant, and continuously monitored cybersecurity program is not optional. It is mandatory! A single data breach can cost hundreds of thousands or even millions of dollars in lost productivity, investigation and remediation, customer loss, reputation damage, lawsuits, and fines.
And that brings us to July’s poll question: Who is responsible for cybersecurity in your company?
Our goal with this question is to get a better understanding of the job title/role for the individual (or team) that is tasked with developing and implementing risk mitigation plans, strategies, techniques, systems, platforms, and tools, in order to protect data from cyber threats.
The Responses
We had hoped to generate a fairly large volume of responses. The bad news is that our expectations were not met. But the good news is that they were EXCEEDED! In fact, this turned out to be one of our most popular poll questions ever. Here is a snapshot of the responses, which are categorized by individual and group:
Individual
- The most common job title of the individual responsible for cybersecurity is IT Director (or Director of IT).
- The second most common job title is CISO.
- The third most common job title is SysAdmin.
Other job titles that were mentioned include: Information Security Manager, Cybersecurity Manager, CSO, CDO, CIO, Director of Information Security.
Group
Several community members told us that a group/team, rather than an individual, is primarily or exclusively responsible for cybersecurity in their companies:
- The most common group/team responsible for cybersecurity is the Cybersecurity Group.
- The second most common group/team is Information Security Office.
- The third most common group/team is the IT Department.
It Takes a Village
It was also interesting and insightful that several community members said everyone is responsible for cybersecurity in their company. For example:
- Ben Liebowitz: “I always say it takes a village. EVERYONE in the company is responsible! From the secretaries, to the IT workers, to the Infosec team. We all have to stay vigilant, watch what we click on, etc.”.
- Justpaul: “Everyone is responsible all the down to the end user.”
- Wilfred Oskam: “I think everyone is responsible from the highest person responsible for the company to the end user, as those are the first that are mostly presented with malware or phishing.”
- Jwalant Natvarlal Soneji: “It’s all. Everyone has to play their role.”
- Abhijeet Vaidya: “Every employee whether permanent or on contract. It’s a collective responsibility.”
- Anonymous Commentator: “Everyone is responsible for security… being secure requires effort on the part of every user.”
- dotnVO: “Everyone is responsible for cybersecurity at our company. We all have a role to play. I find this to be true in most organizations to be honest, though they may not realize it.”
We completely agree with this view. While certain individuals or groups/teams are ultimately accountable for cybersecurity (and hopefully empowered with the appropriate resources, budget, and authority as well), it’s everyone’s responsibility to keep the company safe from cyber threats.
The Winners Are
First of all, you’re ALL winners, because you are a major part of the cybersecurity solution in your company — which is incredibly crucial. Look at it this way: losing a profitable customer or facing steep cost increases (supply chain, we’re looking at you!) are painful and miserable. But getting invaded by hackers can be permanently catastrophic, given that 60% of small businesses fold within six months of a cyber attack. You should all be proud of the contribution that you are making. Not all heroes wear a cape (some of them wear Hawaiian shirts and sandals, like the Sysadminotaur gang!).
Now, let’s reveal the two randomly-selected poll participants who will each win a $25 Amazon gift card. Congratulations to Wilfred Oskam and Thomas Higgins! Please email lcadieux@devolutions.net to claim your prize.
Stay Tuned
Looking for the August poll question? It’s on the way! Please stay tuned.
Steven Lafortune
