Sophos: Finance & IT Collaboration is key to security success
November 2008 by Sophos
IT security and control firm Sophos is advising businesses to seriously consider the alignment of their finance and IT departments when it comes to IT security in the current economic climate. The firm’s recent study conducted by Vanson Bourne* indicated that both business areas have very different views on the main issues affecting them.
Sophos warns that such contrasting views between two departments at the very heart of the business could potentially leave holes in IT security or mean investment isn’t spent wisely. The firm’s study shows that 60 percent of finance departments see business continuity as the most important business issue, compared with just 20 percent of IT teams. Meanwhile, in the wake of several high-profile data fiascos, 45 percent of finance departments surveyed rank data loss prevention high on the agenda, compared to less than 10 percent of IT. Other key findings include:
50 percent of finance departments agree that creating and implementing an IT security policy is vital, compared to just 15 percent of IT departments
Only 11 percent of IT departments believe that securing an online operation is necessary, in comparison to 38 percent of finance
The study also confirmed that IT is clearly an under-resourced and overworked business area – 55 percent of businesses with between 250-500 employees have fewer than five dedicated IT staff. According to Sophos, many IT departments are therefore so preoccupied with day-to-day activities that they often do not have the time or resource to address the overall IT security picture and the IT health of their organisation. Crucially, this could lead to gaps in security that cybercriminals are just waiting to exploit. Some businesses used to see the solution in throwing new resource and investment at the situation, but in the current financial climate this is no longer an option and investment must be spent carefully. Sophos argues that, given this state of affairs, it is more important than ever that both departments adopt a new aligned approach in order to weather the storm without sacrificing security.
“All organisations must tackle these disparities head-on in order to achieve the best for business – a failure to address the gap could have disastrous consequences and should be avoided at all costs,” said Carole Theriault, senior security consultant at Sophos. “One of the major challenges facing IT teams is to ensure that all IT security bases are covered with limited resource on hand to achieve their goals. The key is to adopt a simple, integrated approach and nurture the existing relationship between finance and IT: both departments must be willing to listen to and evaluate the other’s concerns, ultimately working towards an overall solution amenable for the company. Once each department has got its priorities straight, their united front will enable them to keep the company’s IT infrastructures protected against the latest perils the threat landscape has to throw at them.”
*Vanson Bourne surveyed 251 IT and finance organisations with up to 1,000 employees – Summer 2008.