In times of hardship it is always comforting to seek out words of wisdom so let’s turn to that pelvic-swinging icon of bad taste Elvis Presley, who, in his latest musical remake from the grave, says it’s time for “a little less conversation a little more action”. Wise words indeed and they certainly apply to the current state of play in IT security. Yep, everyone’s talking about the need to improve security and how it should be THE priority.
Everyone agrees. You won’t find a shred of discord among vendors, IT security managers and government officials about the need to align information security and business objectives.
Hey baby, it is a veritable lovefest, but with very little action. Everyone’s walkin’ the walk and talkin’ the talk at this little love-in, but can’t get down and dirty to deliver the goods.
Why? Because every IT security manager I spoke to last week said they cannot get the necessary funding required from their organisations. Business executives are quick to say reputational risk is critical but you won’t see anyone putting hands in pockets. This disconnect must make some IT shops feel like they are in the Twilight Zone. Living in a land of harmony but lurking around every office corridor is the fiscal stick of restraint.
But ignorance is bliss according to an Ernst & Young survey released last week which found one-third of Australian companies do not have the ability to determine whether their IT systems are even under attack. The survey calls on organisations to “back up their talk” and to start investing, with the warning that all too often it takes a security breach or a regulatory mandate to bring on the necessary spending.
The survey identified hierarchical layers between the “C-suite” and IT managers with the C-class brigade still regarding security as a technology issue.
Maybe it’s time for IT security managers to take the sage we know as Elvis into the boardroom. That’s right, throw on a cape decorated with a few diamantes and start swinging those hips. Let’s get the action started!