Feel overlooked and underappreciated? You must work in IT security
Most IT security professionals in the UK feel they’re suffering from an image problem among fellow workers, according to new research commissioned by privileged access management specialist Thycotic.
Almost two thirds of respondents (63 percent) feel that their security teams are either viewed as the company naysayers -- specifically either 'doom mongers' or a 'necessary evil' (36 percent).
In addition, 27 percent of respondents say company security and security professionals are just something that runs in the background which employees don’t really notice. 38 percent believe that they’re viewed as 'policemen.' When asked if they'd ever experienced negativity towards their team and their work, 13 percent say this happens 'all the time.'
Almost three quarters (74 percent) of security professionals report negativity or indifference regarding the introduction of new security measures and policies, with employees believing it will hamper their work (35 percent), or barely noticing them (39 percent).
Security professionals are also struggling to promote their value to other departments in the business. The overwhelming majority of them (90 percent) believe that other departments could have a better understanding of what they’re trying to achieve. An equally high majority (88 percent) feel that it could be easier to communicate their views to executive management in other functions such as HR and Finance.
"Executive boards are saying to the IT team, 'cybersecurity is your issue, solve it.' It seems to me this is the wrong direction." says Joe Carson, chief security scientist and advisory CISO at Thycotic. "We need to change the focus, otherwise you're like a greyhound, you're never going to catch the rabbit, you just keep running in circles chasing unachievable goals. CISOs need to start thinking about how they can help the organization achieve its business goals, not just security compliance. They need to become enablers, not reactors. There also needs to be a shift in the way performance is measured, if security focus is on business risk -- not just IT -- you will help organizations focus on the right thing, reducing the risk but at the same time enabling the business to meet its goals."
You can read more about the findings in the full report available from the Thycotic website.