Cybersecurity isn’t just for the IT team to manage

1. Attacks don’t always come through the front door anymore

For a long time, great security came down to protecting a single access point that everyone used. All the important information was safe inside the house, and as long as you controlled who walked in, everything would be fine. IT departments were good at handling this kind of security; they built strong front doors with reinforced locks and pointed cameras at the sidewalk.

Now, the single strong access point has vanished. It has been replaced by an assortment of mobile devices running an infinite variety of apps and software options. IoT has turned tools like printers and energy monitors into potential avenues of attack on business networks. We’re still guarding the front door, but now everyone in the house is running around opening windows and leaving backdoors unlocked.

2. You don’t own the cloud

Organizations used to build their own data infrastructure. Business owners would decide on the strengths and capabilities they needed and then hand it off to the CTO to build it. When we built our own data centers, we were free to make them meet our security needs, too.

But you aren’t building the cloud. “You're no longer doing it,” said Kevin L. Jackson, founder of GovCloud Network. “You're going to somebody else's data center.” The cloud works because it is decentralized; that means you no longer own the infrastructure. Outsourcing networking mechanics to a cloud service provider doesn’t replace the need for ongoing due diligence. Hard-won network security can be breached through your cloud provider’s security inadequacies.

3. Security isn’t an expense, it’s an investment

Connectivity makes organizations more efficient and profitable than ever, but that connectivity comes with more cybersecurity risks. Connectivity is so important that it has changed how business owners should view their IT departments: good security isn’t an expensive drain on resources, it’s an investment in future profitability.

Many CFOs have been finding themselves more involved with IT conversations exactly for this reason.

The cost of cloud hosting and server migration can be a high, ongoing expense that organizations have to plan for financially, according to Danessa Lambdin, VP of Cybersecurity Solutions at AT&T. This is especially important considering the huge costs that can come from a large data breach.

“I think you're going to see a larger role in this area for the CFO,” Lambdin said, “given their compliance and risk management responsibilities for the corporation—and just the implications of a breach on the business. I think you'll see that more and more sitting in that CFO’s space.”

Since CFOs usually lack technical expertise, this means that they’ll need to work closely with technology or information­–focused executives like the CTO or CSO. Without their input, a CFO is likely to make a financial-based decision that doesn’t cover technical requirements. This is often a bad long-term financial decision because of the costs associated with data breaches.

4. The cybersecurity problem is worse than you think

Security is getting harder, thanks to more network vulnerabilities and more attackers—including well-funded state-financed attackers—trying to find a way in. But there’s also a growing disconnect between business and security groups.

For example, 65% of respondents to the AT&T survey said that they have adequate in-house talent to address their cybersecurity needs—but 80% of those respondents also admit to suffering an attack during the previous year.

Senior executives are particularly confident, with 70% of C-level respondents saying they’ve got enough IT talent. When the same question goes to IT workers closer to the front lines, only 56% say that the organization’s needs are covered.