MIT expert: Organizations ignoring ‘blinking lights’ on cybersecurity

‘The lights are blinking red’ for cybersecurity, but organizations are still doing little to address the danger.
16 October 2019

Cybersecurity is not being taken seriously enough by individuals and organizations, Erik Brynjolfsson, Director at the MIT Initiative on the Digital Economy, has warned.

This year’s major data breaches show the extent of the risk. Think of the Alabama three-hospital system, which was attacked by ransomware and was unable to take in new patients, resorting to using paper files during the incident.

Another case involved the exposure of millions of Americans’ information, such as tax statements, Social Security numbers, bank account numbers, and driver’s license photos. The compromised data can be used for identity theft, fraud, and scams.

These events and others have stolen headlines, but a Kaspersky survey revealed about 67 percent of industrial organizations do not disclose cybersecurity incidents to regulators. Hence, there are likely many more cases of data security breaches that go unknown. 

Security is secondary to innovation and development

Organizations eager to keep up in the race to digital transformation generally value innovative technologies and software for their ultimate potential to boost revenue. Budget and resources are allocated mainly to integration and performance, while cybersecurity falls further down the priority list.

Statistics show little initiative to check for security vulnerabilities during development, with 73 percent disregarding this step.

Moreover, only one-third (35 percent) of organizations consider privacy issues during the design and deployment stage. It’s no wonder 65 percent of stressed-out cybersecurity and IT professionals are thinking about quitting.

Experts in the field constantly raise concerns about the absence of high-level prioritization in improving cybersecurity systems. “Whenever I talk to the real cyber experts, they tell me the lights are blinking red, that we’re so vulnerable, and we need to do a lot more to make our information system secure,” Brynjolfsson shared.

A shortage of skilled workforce in cybersecurity

The high demand for data scientists and cybersecurity experts is apparent, with businesses predicted to suffer a financial loss of US$150 million due to database crashes in 2020.

More than ever, organizations require tighter security and stronger ethics in the development of AI models. 

“To do this, enterprises need the right talent and the best data. Closing the skills gap and taking another look at data quality should be their top priorities in the coming year,” said Ben Lorica, chief data scientist, O’Reilly.

However, a chronic shortage of skilled workers is hindering organizations from developing resilient AI systems. Nearly two-thirds (63 percent) of organizations owe their cybersecurity vulnerability to inadequate training provided by the individuals or teams handling their organization’s cybersecurity. 

Consequently, current cybersecurity staff are also feeling the pressure from a shortage of talent. A lack of opportunities to upskill, along with the unprecedented speed of technological advancement, is leaving the existing workforce facing new challenges and uncertainty.

Leadership in the cybersecurity system

Essentially, Brynjolfsson thinks it’s time cybersecurity threats were taken more seriously by organizations of all sizes, and strong leadership in cybersecurity can lead organizations in the right direction.

According to Matthew Rosenquist, a former Cybersecurity Strategist for Intel, Chief Information Security Officers (CISOs) need to deploy strategic plans for learning from past attacks, addressing present risks, and preparing for the threats of tomorrow.

“A leader must use all of their proficiencies to be able to communicate risks, develop plans, articulate value, motivate team members, drive operation excellence, and to foster goodwill across the organization.”

Rosenquist emphasized the significance of CISOs in winning the confidence of the team and leading them to tackle cybersecurity issues with support from board members of the C-suite.

In an interview this year with TechHQ, touching on the difficulties of leading in cybersecurity, Just Eat’s CISO Kevin Fielder said that while an understanding of security means you have a place on the cybersecurity team, “it won’t get you far in leading the team.”

“Especially in technology, you have to be strong enough and technical enough that people respect you. I have to be able to talk to my peers across technology leadership and have enough technical insight to understand what’s going on,” he said. 

“In cybersecurity, the absence of quality leadership guarantees crises.”