WSJ logo
Forbes logo
Fox News logo
CNN logo
Bloomberg logo
Los Angeles Times logo
Washington Post logo
The Epoch Times logo
Telemundo logo
New York Times
NY Post logo
NBC logo
Daily Beast logo
USA Today logo
Miami Herald logo
CNBC logo
Dallas News logo
Quick Practice Area Locator

IT Departments are Not the Same as Cybersecurity Experts

cybersecurity crimes

Cyberattacks are in the news seemingly on a daily basis, with major corporations constantly being subjected to ransomware attacks or data breaches. One factor in this situation is confusion among corporate decision-makers and stakeholders over what personnel they need if they want to adequately protect their company’s sensitive data from bad actors.

To put it simply: An information technology (IT) department is not a cybersecurity department. IT professionals are not cybersecurity experts. If you want to take cybersecurity seriously, your company needs cybersecurity personnel or contractors.

The cybersecurity and data breach professionals at Oberheiden P.C. have guided numerous corporate clients through this sensitive and yet extremely important aspect of defending a company against online threats.

What Your Company’s IT Department Does

Your company’s IT department and its personnel are responsible for maintaining and managing your company’s information and communication systems. This includes keeping these systems up and running, updating them with the most current protocols, and troubleshooting any issues that crop up.

While an IT department is also responsible for securing these systems against hacking and other cyber threats, those cybersecurity responsibilities are in addition to all of their other tasks. Furthermore, because IT professionals are basically general practitioners in the technology field, they are very unlikely to have specific cybersecurity experience or expertise, and often find it impossible to keep up-to-date on all of the developments in the ever-evolving world of cybersecurity.

What a Cybersecurity Team Does

A cybersecurity team, on the other hand, is dedicated entirely to ensuring that your company’s internal data is protected from unauthorized external access.

This is not a “fix it and forget it” project. Far from it.

Corporate cybersecurity teams, whether they are contracted out or operate in-house, create and implement cybersecurity protocols that are tailor-made for the company’s needs and its most pressing concerns. This alone is often a massive undertaking that requires extensive tweaking, as the underlying information and communication systems get updated and adapted for the company’s most current needs.

Once that is done, though, cybersecurity professionals begin a near-constant process of auditing the defense system that they have created, looking for holes that can be exploited so that they can patch them before someone else finds the weakness. While much of this work is done by the team itself, outside cybersecurity professionals can be used as well, potentially with bounties being offered to anyone who can find a way to hack into the system.

This auditing process is an ongoing affair, as cyberattack methods grow more and more varied and powerful, and as the information systems that are being protected evolve and improve in ways that the original cybersecurity system did not anticipate.

Cybersecurity Professionals are Far More Specialized

The level of expertise needed to succeed in the cybersecurity world, including the demands for maintaining that level of expertise in a rapidly developing field, is far higher than what it takes to stay on top of the field of information technology.

This is why cybersecurity is often referred to as a subfield of information security, while information security is a subfield of information technology: Information security, or infosec, is the profession of securing the communications and information systems that the IT department is responsible for maintaining. Cybersecurity, meanwhile, is the subfield of infosec that is responsible for securing those systems that house data that can be accessed in cyberspace. That increased accessibility of the data highlights the importance, and the difficulties, of securing it.

This is why cybersecurity professionals generally have a bachelor’s degree in a technological field, like computer science or information technology, plus a master’s degree in cybersecurity.

IT professionals, meanwhile, may not even have a college degree.

The Costs of Using the Wrong Personnel are Substantial

Like many aspects of compliance and defense, many corporate stakeholders look at the costs associated with maintaining a cybersecurity team, then at the costs of just using their IT department, and wonder if the extra expense of the dedicated cybersecurity team or professional is really worth it.

The correct answer will always depend on the nature of the information that is being stored, how badly a data breach would tarnish the company’s brand, and the level of the company’s risk aversion. If the company does not have sensitive data that is worth protecting, the odds are low that it will be targeted by cyber criminals, and the costs of the breach may be low as well.

Any other type of data stored on the company’s systems, though, presents a serious risk. Whether the data is a set of trade secrets or, more likely, the sensitive personal information of the company’s customers or workforce, taking adequate cybersecurity measures is essential. Hackers know the types of information that they can sell on the black market, and they have a good idea of which companies will have it on their computer systems. If your company has the weakest cybersecurity protocol of a hacker’s potential targets, they will zero in on it.

At this point, the true costs of using the wrong type of personnel for cybersecurity will become apparent. How your technology department responds to a cyberattack can make a huge difference in the eventual outcome. IT professionals who also handle cybersecurity are very unlikely to have experienced what it is like to be the target of a cyberattack. Cybersecurity professionals, on the other hand, train for these moments for years and will have a very good idea of what to do next, having likely been through the process numerous times in the past. By effectively identifying the nature of the breach and taking quick steps to mitigate the scope of it, experienced cybersecurity professionals can protect the most sensitive data and grab the momentum back from the hackers to patch up the weakness that they had exploited so it cannot be torn open again.

Put our highly experienced team on your side

Dr. Nick Oberheiden
Dr. Nick Oberheiden

Founder

Attorney-at-Law

Lynette S. Byrd
Lynette S. Byrd

Former DOJ Trial Attorney

Partner

Brian J. Kuester
Brian J. Kuester

Former U.S. Attorney

Amanda Marshall
Amanda Marshall

Former U.S. Attorney

Local Counsel

Joe Brown
Joe Brown

Former U.S. Attorney

Local Counsel

John W. Sellers
John W. Sellers

Former Senior DOJ Trial Attorney

Linda Julin McNamara
Linda Julin McNamara

Federal Appeals Attorney

Aaron L. Wiley
Aaron L. Wiley

Former DOJ attorney

Local Counsel

Roger Bach
Roger Bach

Former Special Agent (DOJ)

Chris Quick
Chris J. Quick

Former Special Agent (FBI & IRS-CI)

Michael S. Koslow
Michael S. Koslow

Former Supervisory Special Agent (DOD-OIG)

Ray Yuen
Ray Yuen

Former Supervisory Special Agent (FBI)

Cybercrime Defense Lawyers at Oberheiden P.C.

The cybercrime defense lawyers and cybersecurity professionals at Oberheiden P.C. have amassed a strong track record of success in this novel field of business and the law. Contact us online or call our national intake hotline at (888) 680-1745 to get started.

Contact Us Today

I accept the Terms and Conditions.(Required)
WordPress Lightbox