The message to middle and senior management - WAKE UP!
Unfortunately this seems to be an area that is getting worse rather than better in this country and much of the problem can be resolved with a bit of education and common sense – and some money of course.
Some of the issues:
1. ‘Highly qualified’ IT managers in small/medium-sized organisations who are quite simply ignorant of even simple risks (IT) within their department or within the business as a whole. They may have an IT-related degree (or whatever!?!?) but have little or no ‘business acumen’ and are unable to see further than their nose while, one way or another, the big picture is ignored or, worse still, they take the attitude of “It’s not in my job description”.
2. Insufficient funding for IT departments to enable them to provide proper protection against known risks and plan for currently ‘unknown’ risks.
3. Most IT departments are ‘cost centres’ and this, in my opinion, is wrong. They should be ‘profit centres’ and charge their users accordingly for every byte of storage and data transfer used so that relevant levels of ‘protection’ can be provided without the need to go begging for additional funds – that in many cases are desperately needed.
4. Ignorance, from middle management to board level, of even simple issues relating to IT risks that can be seriously detrimental to the business as a whole.
5. Management, up to board level, simply not listening to IT managers who DO know what they are talking about.
6. Dare I even mention the ‘jobsworth’ brigade? Those people who couldn’t manage their way out of a wet paper bag but who are, however, brilliant at justifying and protecting themselves and who get promoted sideways rather than being fired?
7. The perception of IT has changed over the years and is now seen, by many, to be much simpler. Let’s face it, our children now leave school with a high level (??) of knowledge of ICT and the Internet – so how difficult can it be?
The fact is that much of IT - at the user level - IS simple. Unfortunately, many people see and believe this is still the case when it comes to ‘business systems’ as a whole; the truth, however, is very, very different. Just ask the MD what the effect would be if he/she lost his/her PC for 24 hours because of a disk crash – with vital unprotected information on it. Worse still, ask if they know/realise what the effect of losing a major system for 24 hours would be. Don't be surprised at the answer though!
The message to middle and senior management - WAKE UP!