Who is to Blame when a Breach Happens ... the CEO or an IT Tech?
To ask the question who is at fault when a company network and/or system of computers is breached/compromised almost seems like someone is being asked to point fingers and place blame.
Understand there is a certain element of responsibility and accountability of which needs to be addressed and remediated when a breach event occurs.
The situation becomes a moment of recognizing and holding accountable decision-making executives, who have opted for less technological assistance, slashed security budgets, dissolved IT staff/departments to save on costs and reduce budget expenses. And now, the answer to this question seems a bit more apparent. Consider the following example.
Example:
A local community center’s network is breached, and their computer systems are down for a minimum of nine days. Members must sign in on a paper log sheet each time they utilize the facility because all systems are down. Members are told by staff, “Oh, it’s a national software thing for the program we use.” A member asks, “well do you have IT staff trying to resolve the problem.” Staff replies, “I don’t know anything about that, it’s the city’s problem.”
So for users and subscribers, having systems down is a HUGE inconvenience because scanners for digital cards do not work, web site and credit card machines are down, computers are dysfunctional and “cash only” signs are posted everywhere.
-
Most people do not carry cash.
-
People cannot renew their membership in-house or online or sign up and pay for extra curricular activities unless they have cash.
-
Members now question if their data is safe or has been compromised in the breach.
-
A breach inhibits the level of trust the community center has cultivated and earned with members.
-
Down time raises the questions among members will this happen again, and should I trust this place to do business?
A network breach is an huge loss of revenue for the community center. If the community center has 20,000 members, and each member pays $45 per month, not being able to collect or having to postpone payment for every day computers are down can seriously affect the businesses bottom line. Say a member comes to utilize the facility, but they need to pay for the month, and they don’t have cash. Now, they either miss a workout or class, or they have to leave and return with cash, or they have to wait until the computer issue is resolved and come back at a later date. Multiply this by a few thousand members, plus the inconvenience, which inhibits the trust factor, and suddenly there is a lot more to resolve than what started as an IT issue and further, a hack.
The community center is governed by the city, therefore all of its computers are tied to the city’s network. So, the problem, which started in one building just expanded. City executives have cut all IT resources in their facilities to save on costs. Therefore, executives have opted to either outsource their IT department or rely on one or two IT techs for seven different buildings, which equates to
serious understaffing to satisfy their IT need. Outsourcing IT can take days to rectify a
situation because you are working with people in different time zones,
who don’t speak an understandable version of English, and you are at their mercy. An
outsourced IT company won’t come to you, they will attempt to resolve the issue over the
phone, which takes hours of your time because you have to do what they are telling
you to do in a phone conversation.
This is HOW and WHY decision-making executives should take responsibility and be held
accountable in some circumstances when networks are breached. They are the decision
makers who have slashed IT budgets to save money, which resulted in compromised
systems, costly mistakes, loss of revenue and tampering with members’ trust.
IT techs are a valuable resource to keep your networks safe and secure, as well as train,
educate and inform you and your staff about the latest cyber threats. Cyber criminals love
when executives make poor decisions about having necessary IT resources because
without IT techs, their knowledge and expertise, hackers can easily breach a network
without hesitation and make a lot of money more quickly.
