Much has been said about remote workforce and WFH challenges over the last two years. The recent acceleration of WFA (Work From Anywhere) and hybrid work environments has enhanced productivity but at the same time created new challenges for the IT security workforce. In addition, several forms of non-IT resistance severely hinder organizations as they work hard to ensure both security and business productivity. Hence, as new risks evolve, the attack surface expands and security is compromised.
The Non-IT Challenges
Some recent cyber incidents in the public sector and other industries have triggered warnings regarding non-IT threats among organizations.
- A data breach at one APAC aviation organisation leaked thousands of passenger details due to malicious insiders
- Details of Covid-19 positive patients were leaked online last year in the Indian subcontinent
- One of the nationalized banks in the APAC region suffered a data breach affecting millions of customers due to a password hack
All these incidents apparently pinpoint security vulnerabilities inside the organization. However, behind the scenes, there could be reasons like cultural resistance and administrative hindrances that lead to data security uncertainties. When we talk about non-adherence to the IT security policy or the lack of robust password management and multi-factor authentication, the first thing that comes to mind is ‘the organization lacks robust IT security infrastructure.’ Rarely do we think about employee resistance to upgraded policies or employees' non-acceptance of new technologies that might have resulted in data breach incidents.
Let us look at the non-IT challenges that could keep organizations from running an uninterrupted business process.
Obstacles from Non-IT Threats
IT departments directly or indirectly face non-IT challenges as a part of the work culture. Trends show that many organizations, especially in the public sector, are challenged time and again by workforce and administrative issues such as timely allocation of budget, limited skill sets and non-acceptance of challenges, resistance to adopting the right technology, reluctance to take ownership of new technology/policy, confidentiality around the adoption of new technologies, and more. These typical challenges elevate IT risks to a new level and eventually impact the reputation of the organization.
- Non-Acceptance of New Technologies: Requirement-based adoption of new IT technologies is very often blocked by the workforce. Resistance to any kind of change, even when it is required, is a fundamental human tendency, and it plays a big role in preventing the implementation of new technologies. As a result, the IT security infrastructure lags behind and vulnerabilities increase in no time.
- Limited Skill Set: Many organizations face this frequently. Adoption of anything advanced and new depends entirely on the skilled IT personnel the organization has on its team. For instance, if an organization plans to adopt cloud infrastructure for maintenance of data, it needs to adopt the necessary security measures for the IaaS environment as well. However, if it does not have an adequate workforce with the necessary skill set, the organization falls behind technologically. Eventually, the chances of cyber incidents increase.
- Reluctance to Take Additional Responsibility/Ownership of the New Technology: This is a highly common constraint faced by organizations globally. An individual or a team accustomed to handling a predefined set of responsibilities refuses to take on any additional task, even if it is critically required from an IT security perspective. Hence, it creates an obvious setback in the implementation of new technologies in the organization and raises the chances of cyber catastrophes.
- Altercation among Employees due to Change of Roles: The changing dynamics of the IT landscape have increased access control challenges. As a result, the roles and responsibilities of employees change. This alteration leads to friction among employees, and hence there is resistance from them whenever any change is required. Candid and prolonged talks with the employees/end-users delay decision making, and eventually the implementation is delayed as well.
- Non-Availability of Resources: Adoption of any new technology requires additional resources to understand it, deploy it, and train the team on its functionalities. Hence, non-availability of the required resources forces the organization either to refrain from adoption or to keep the adoption decision on hold. As a result, even if the organization is aware of what needs to be done to improve its IT security measures, it can’t act fast enough.
- Frequent Change of Management: If the governing bodies of an organization change frequently, any kind of decision gets delayed. This is quite a common corporate challenge, but it is critical for IT security. A change of person means a change of mindset and an alteration of thought process, and the overall repercussions fall on the decisions. In the case of adopting IT security measures, it heavily delays the process of adoption, and eventually IT risks increase.
- Diversity of Nationalities: This is an occasional challenge for large MNCs. When the governing bodies include people from multiple nationalities and industries, decision making is affected. Opinions about the necessary IT security measures vary a lot, as differences in geography and area of experience result in too many options on the table. For instance, a person handling IT security in the BFSI or Telecom industry might not give the same level of importance to IT security compared to that of other industries. Eventually, critical IT decisions get postponed repeatedly or at times go nowhere.
- Outsourced IT Team: Many organizations count on Managed Service Providers (MSPs) or outsourced IT security teams to manage their overall IT infrastructure. As a result, any kind of alteration in the policy or any ad hoc IT security requirement calls for boardroom discussions or team meetings, which at times delay the adoption of new technology.
Organizations in the post-pandemic era have hastily embarked on advanced digital transformation to survive cut-throat competition. Malefactors continuously threaten them with evolving threats. Every organization wants to shield its digital assets from cyber criminals and is thus counting on prompt adoption of new, relevant and adequate IT security measures. However, if employees are reluctant to extend a helping hand in time, the overall objectives of IT security are undermined.