By Sascha Giese, Head Geek, SolarWinds
What is an acceptable level of risk for IT pros and their organisations? The answer to this question has changed in recent years, with the threat landscape shifting dramatically both due to global events—the pandemic driving the need to accommodate remote workforces—and the increasing sophistication of the attacks deployed by cyber hackers.
Not long ago, organisations could be more generous in their assessment of what constituted an acceptable level of risk, acting less aggressively to snuff it out if it was deemed anything other than “high”.
Now, however, it’s absolutely essential for any potential threats, regardless of how seemingly slight they may be, to be addressed with the utmost seriousness. If IT pros and their businesses fail to assess and act upon these threats, the consequences could be extremely severe. To do so, however, IT professionals and senior leaders must collaborate clearly and effectively to identify and tackle potential issues at the earliest possible opportunity.
For many organisations, this is a point already well understood. The recent SolarWinds IT Trends Report found 49% of IT pro respondents perceive their organisation’s senior leaders or decision makers have a heightened awareness of risk exposure, believing it’s not “if” but “when” they will be impacted by a risk factor.
Here, we look at how this awareness represents a greater opportunity for IT pros to collaborate with senior leaders and help ensure better risk mitigation for businesses. We also address the challenges still apparent in ensuring this level of cooperation and how they can be overcome to ensure a more secure future.
Changing perceptions
The SolarWinds IT Trends Report found 39% of overall tech pro respondents stated their organisations have had medium exposure to enterprise IT risk over the past 12 months. As for the factors influencing this exposure, security breaches are perceived to be the most significant external factor, with 46% of respondents citing external security threats—like cyberattacks—as the top macro trend influencing their organisations’ risk exposure.
Given how many businesses have seen medium exposure in the UK, it’s concerning to learn only 31% of IT pro respondents believe their organisation is prepared to mitigate and manage risk, while 27% said their senior leaders have difficulty convincing other leaders of this reality, ultimately limiting resources to address risk.
It’s clear organisations, and senior leadership in particular, need to change the way they perceive risk.
Businesses need to shift the threshold for interpreting risk exposure, aligning it with how threats have been amplified by external factors. Put simply: any level of risk should now be deemed as unacceptable, and be urgently addressed, if businesses are to witness a more secure future. So, how can IT pros work with senior leadership to ensure this is the case?
Improved collaboration
There’s a huge opportunity for IT pros and leadership to align on priorities and policies to ensure their organisations, and wider industries, are best prepared to mitigate, manage, and minimise risk. Key to realising this opportunity, is collaboration, and establishing the understanding that security compromises will likely happen, regardless of how tight a ship is run.
More sophisticated threats will emerge, other external factors will play their parts, and enterprises will face threats they may not have accounted for. With this in mind, IT pros should implement detection, monitoring, alerts, and response along the kill chain, engaging in tabletop exercises to measure effectiveness and ensure they have the tools in place to address these threats, and defend against any level of risk exposure as the threat landscape expands.
In terms of how best to collaborate, the study has shown one-third of respondents felt their organisations are improving alignment between IT business goals and corporate leadership in response to other tech adoption barriers, like a lack of available IT management tools and decreased staff size. A good start, but more businesses need to ensure this alignment is in place if they are to reap the rewards.
Ensuring IT teams and senior business leaders are having ongoing, strategic discussions regarding risk, and the necessity for investment—in both time and money—is vital. IT pros have to be prepared to fight for their cause, understanding budgets are stretched and any case they make for new deployments must be accompanied by water-tight proposals, backed by figures on effectiveness, justifying the outlay.
IT pros should also feel empowered to make a similarly well-argued case when discussing lack of training for personnel, lack of resources to facilitate upskilling, and finding time for skills development.
Key to these discussions is IT teams learning the “language of business,” enabling them to make a business case to senior leaders as to the value training can bring to an organisation. For example, a business with an IT team ill-equipped to combat threats could see significant losses should an attack occur. Investment in training can nullify this risk and help ensure an organisation is safeguarded against such losses.
Framing such discussions in business language can help IT teams make their case and secure the investment needed to deliver better risk mitigation. As organisations look forward after a period of unprecedented upheaval, it’s time to reassess how risk is viewed and for IT pros and senior leaders to work more closely to help ensure a secure future.
