The internet of things is expanding the attack surface for hackers and malware, while also placing more business operations online. It’s no longer your computer network at risk of an attack, but production centrifuges or hospital MRI machines. This shift is inexorable, and cybersecurity has become a mainstay in any conversation about IoT. But Nathan Wenzler, chief security strategist at Tenable believes that the conversation is happening in the wrong place.
Security is no longer an IT issue, but an issue that the entire executive suite needs to tackle. There’s no way a company can implement perfect security and no way they can afford to implement almost perfect security, so businesses need to assess the risks and allocate staff and budgets where they matter most. “IT security as a practice is not a tech discipline, it’s a risk management discipline,” he says. “Conceptually, security really needs to be involved in risk management, but you need to align risk management to the business so you need the lawyers, the executive team, and others involved.”