3 Misaligned Incentives That Are Threatening Your Cybersecurity

Cybercriminals are focused on attacking and gaining access to your systems. Your main goal is to defend your IT environment and keep these hackers at bay. According to a report from McAfee, the cybercriminals are winning the battle. It’s not because they are more skilled, but because they have better incentives to attack than organizations have to defend against them.

Cybercriminals can freewheel and innovate freely in a wide-open environment. Corporate IT defenders, on the other hand, often operate in a structured bureaucracy where decisions can’t be made as quickly. Here are three ways the McAfee report says misalignment of incentives between cybercriminals and IT security leaders are threatening organizations’ IT systems.[1]

Attackers vs. defenders

Cybercriminals operate in a decentralized market, allowing them to adapt quickly. This agility gives them a leg up on defenders who do not enjoy such freedom. The incentives for attackers are clear: billions of dollars in profit from pilfered information. It’s easy to enter the cybercrime arena which results in a large pool of black hat talent.

Defenders, on the other hand, are often hamstrung by a top-down corporate structure which delays decision making, according to the McAfee report. The senior leadership of many organizations failed to allocate appropriate resources to battle cybercrime at first and as a result, attackers have enjoyed a significant head start.

Strategy vs. implementation

Now that senior executives fully understand the enormity of cybercrime, organizations are rapidly working to catch up. According to McAfee, more than 90 percent of organizations have developed plans and strategies to guard against new and existing attacks. Unfortunately, less than half of these organizations have fully implemented these plans.

The McAfee study also found a disconnect between executives and front line IT managers on the level of implementation and on the measurements being used to assess implementation levels. Executives tend to believe the strategies are more fully implemented then they actually are.

Executives vs. implementers

Senior executives responsible for developing cybersecurity defenses have different success goals than those who must put those strategies into practice. In the end, that drastically limits the effectiveness of the proposed solutions.

Executives take a bigger picture view of cyber defense factoring in cost control and maintaining reputation. Operators are more focused on detailed, technical cybersecurity metrics.

Overcoming these misalignments is crucial to adequately protecting organizations from cybercrime. Everyone in the organization must be on the same page when it comes to strategy development, implementation, and effectiveness. The different perceptions fragment organization’s ability to battle the threat. Only when these issues become better aligned, will defenders be able to level the playing field with the attackers.

For more information on how DynTek and McAfee can help you develop a comprehensive security plan to defend against cybercrime, click here.

[1] Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity, McAfee Report, February, 2017