One of the barriers to proper cybersecurity policies has always been clashes with upper management. Countless IT professionals can tell you about the problems they have run into while trying to balance pushing for strong security measures against dealing with ignorant board members only concerned about saving money. While ignorance in upper management is still a rampant problem, some new research indicates that board members are starting to take InfoSec issues more seriously, especially when it comes to ransomware awareness.
The research in question was conducted by SentinelOne and subsequently reported in a blog post. The findings were tied to the recent wave of high-profile ransomware attacks and the exponential growth in the monetary damage caused by ransomware. As SentinelOne states, of the numerous companies surveyed, roughly 56 percent said they were “implementing employee training and awareness programs at the board level.”
A deeper dive into the report reveals numerous eye-opening statistics as well. More than one-third of the surveyed board members believed “that their general attack concern level has increased” with regard to ransomware. This greater comprehension of the dangers of ransomware attacks has led to the reported figure that nearly half of the polled companies are increasing their security budgets to fight ransomware attacks. There are some issues with focusing on just one type of attack rather than taking a more widespread approach, but the news is certainly welcome after so many incidents, including WannaCry.
One of the most encouraging statistics is that 38 percent of the polled board members are showing more initiative in the ground-level process. This includes, as SentinelOne words it, “implementation of security processes, policies, and protocols.” The more that board members see the everyday struggles that their cybersecurity divisions face, the more they will not only appreciate those divisions' hard work but also gain a more intimate knowledge that can aid in making policy.
There is still a lot of ground to cover in bringing upper management into proper synergy with their InfoSec divisions, but this report is a glimmer of hope. As long as a company doesn’t focus solely on ransomware awareness but rather establishes a holistic security program, there could be a turn in the tide against black hats looking to exploit common workers for cash.