Why Security ‘Next Quarter’ is Worse than No Security

Over the past several years, my team and I have engaged in countless discussions with IT and business leaders of mid-market organizations.  They are often looking to improve their security posture, adhere to regulatory compliance, or report to their management/board on the steps they are taking to prevent being all over the news over a cybersecurity breach.  Typically, the technical leaders we’re speaking with, IT Managers, Directors, and VPs, recognize the need for enhanced security.  Yet, they have a hard time securing budget, or convincing “the business” that this is a necessary expenditure.  As such, cybersecurity initiatives tend to take a ‘back seat’ to other more prominent projects, especially ones with an easier to measure ROI and TTV (time to value).  We are often told: “Guys, we love this!  We understand the value proposition, the service is unlike any we’ve seen, and your price is reasonable…  but, let’s chat again next quarter.” 

I humbly submit, that postponing cybersecurity discussions until later is a recipe for disaster.  As the title of this post says: security “next quarter” is worse than no security.  Unfortunately, some mid-market IT leaders use plausible deniability as a reason not to even engage with a cybersecurity firm.  They would rather not have a conversation, than acknowledge that they are aware of risks, and are choosing to do nothing about it. 

DevOps Connect:DevSecOps @ RSAC 2022

Encouragingly, some progress is being made in promoting awareness of cybersecurity risks amongst organizational leadership.  Undoubtedly this is spurred by constant barrage of cybersecurity events/breaches in the news, which makes business leaders nervous.  What remains lacking is any urgency for action that this awareness should dictate.  Indeed, prioritization of cybersecurity programs, purchases, and policies is seemingly difficult to achieve.

Read on for the (Read more...)

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by Effi Lipsman. Read the original post at: