From ransomware and malware to the Internet of Things, midmarket IT leaders are staring down a number of security threats, often with limited resources at hand.
Herman Brown - CIO San Francisco District Attorney's Office
When asked what his biggest challenge is right now, Brown doesn't hesitate to answer: "People."
"I always talk about technology, process and people, and technology is the easy piece of it," said Brown, the CIO for the San Francisco District Attorney's Office, who is part of a team of eight.
"It's the process that becomes a little bit more difficult as people usually work in silos, and they know their piece of the process, but they don't understand or know the entire process, but you can get them together and figure that piece out. But the people themselves as individuals are always a challenge because they have different skill sets, different understanding, different desires, especially when you're talking government where you have employees that have been with the department or the city for 20, 25 years."
It's critical to ensure that employees understand why security practices are being implemented and the importance behind them, he said.
"What gets overlooked a lot, I think, is the insider threat. For the staff, our end users, it's the training for them, getting them on board and understanding the importance of security, and that security is not just something that's the responsibility of IT."
The risks are high, whether it's an employee unwittingly enabling an attack or a disgruntled insider who purposely aims for sabotage, he said.
"A breach is a breach, whether it's done purposefully or by accident, and you have to be concerned with both," he said. "If it's something that's malicious, then you take a certain approach to that. And if it's something that's happened by accident, then you want to train, you want to educate."