Currently, there are critical situations in which cybersecurity is being gauged as being more of an enemy than a friend. The issue of cybersecurity is really getting out of hand thus making citizens question whether the private sector and the government really respect the public rights. In the introduction of the cloud technology, both the private sector and the government store many information thus making it risky for the cybersecurity attacks. This causes easy attacks from within and outside the government. Such attacks have led to the theft of the customers’ confidential information. Many organizations have suffered the cyber-attacks which made them take an extra mile to ensure they curb this problem and maybe find a permanent solution.
People are mostly governed by the FUD rule (Fear, Uncertainty, and Doubt) in the cyber security sector. In most cases, the cybersecurity team is always naïve to the third party out workers’ wise opinions and they doubt their own valuations. Surprisingly, they are more influenced by external contractors compared to the internal organization’s staff recommendations (if there is any). There is no confidence and trust in the cybersecurity technical management. Additionally, the end users’ messy online behaviours easily miss out on the cybersecurity red flags and end up being easy targets.
When it comes to processes in the cybersecurity sector, proves the “once bitten twice shy” defiance every time the organization takes security very lightly. For example, in the incident of the breach, after action reviews were undertaken there were no follow-ups to ensure the same incident does not happen again. The Standard Operating Procedures (SOP) mostly rely on the same approving opinions that often overlook non-security matters. This creates an unclear path for emergency cases in cybersecurity. Unfortunately, all past and current breaches in cybersecurity are treated with the same priority levels or SLA (Service Level Agreements). There are possible misinterpretations even in the case of security audit and review because the deadlines are tight to save the cost in the budget assigned. Once the budget exercises commence in an organization, the cybersecurity budget is always squeezed and this often leads to shelving some issues for the next decade.
Currently, there are many cases of quick buy-ins by the government’s approving parties. This done without the much careful thought in the processes. The cybersecurity technology is no longer running errands that commonly buy for renewals. In cases of breach or cases reported by the public, any cheap solution – so long as it is an easy way out – easily supersede with poor buying discretions. The shallow Information and Technology sector sidles in and breeds the government inventory list. At the same time, the government’s inventory list is unauthorized or tracked. Hence, due to the poorly maintained asset list manual tracking takes place. All this is overlooked and it later leads to a big issue that drains the internal budget and resources. Generally, the government totally rejects changes leading to a default “no-no” to any investments made in the cyber security sector.