02/23/2024

Most Companies Don’t Have a Security Problem

They have an IT leadership problem

Recently, I was talking with a couple of friends who now work at Google and Amazon Web Services about how they have helped their previous organizations stem a critical problem in their respective cultures. Each found that their tech teams had a tendency to self-cancel cybersecurity best practices at critical steps of a particular project. This is a practice that I call, "quiet cybersecurity quitting," the result of problematic process maturity. It can easily overwhelm the most talented technicians, the coolest software and the best of intentions if left unaddressed. Why does this happen? The reasons are many, but they all stem from problematic IT leadership.

Quiet cyber quitting

Quiet cyber quitting happens because, in many organizational cultures, cybersecurity is perceived to slow processes down. As leaders, our job is to make things happen. Yet, it’s easy for us to fall into a magic cybersecurity worldview where someone feels that tech can be adopted rapidly, and where implementation steps can be skipped with impunity. Therefore, that person has little patience for understanding how to work tech into their business plans. This is a primary culprit for the pervasive lack of quality communication that occurs between tech departments and upper management. The resulting siloed thinking causes serious problems. This leads to the perception – or fact – that IT departments are time and resource-constrained, and struggle to make things happen.

Organizations have gotten away with these attitudes and behaviors for years; that’s not the case any longer. Moving forward, wise, strategic use of tech will mark the difference between organizations that succeed, and those that struggle. Until then, lack of executive communication and quiet quitting will create a toxic IT environment. IT departments chronically rack up technical debt and demonstrate a general tolerance for shadow IT. These behaviors are largely invisible to the institutions that tolerate them. Here’s a look at the primary problems and key solutions when it comes to the state of cybersecurity in 2024.

Please select this link to read the complete article from SmartBrief.