Since funds are limited, they should be used wisely. “A lot of times, especially with cybersecurity products, the solution doesn’t solve the problem, it creates new problems to solve and more work to do,” Terrill said. “If you can write a check and solve a problem, that’s the cheapest problem you have.”
Teach and share
In most companies, employees have limited security knowledge. “The general awareness of your colleagues about cybersecurity risks, regardless of their position, is often basic and often ignorant,” Chichlo said. This can be changed, however, with effective training conducted across all departments, including IT. “There is a huge educational effort to be made,” he adds.
In addition to education, a collaborative environment should be encouraged. CISOs should aim to collaborate, rather than point fingers, as they are there to help, not criticize mistakes.
Source link