This year is predicted to break records in terms of investment in cyber-security measures, with organizations predicted to allocate nearly nine percent of their entire IT budget to security.
Great news for cyber-security product vendors (!), but with history telling us that reported breaches and losses from cyber-attacks are still increasing just as quickly; just what is going wrong with corporate cyber-security?
Whose job is Cybersecurity anyway?
For too many organizations, cybersecurity is seen as the sole responsibility of the company CIO or CISO, when the reality is that everyone now needs a sound appreciation of cybersecurity best-practices. Not holding accountability for securing sensitive data will not help protect an organization's valuable assets, but this trend has become all too common within information security roles. Whether that be with intensive training and education or by implementing security solutions that will help mitigate the problems from happening, it all starts with strong leadership.
Cyber-security is closely tied to customer loyalty and trust, and if not taken seriously, can leave customers looking elsewhere and do significant damage to your brand's reputation. Having a leader who will talk to employees about business risks as an implication of a cyber issue will help lead to effective change in the workplace. In fact, being cyber-resilient can even be seen as a competitive advantage and a means of staying ahead of the competition. If a potential customer has the option to side with a company who sees cybersecurity as a priority and a company who sees cyber-security as an unmanageable task, who do you think they would choose?
Avoiding the Blame
The ‘revolving door' of security leadership plays its part, too. Classic scenario: experienced security professional joins an organization, implements their personal preference security solutions. But once they're no longer with the organization, no one is trained on how to correctly manage the software, leaving organizations vulnerable to attack and with their budget poorly spent.
The market and vendor community could do more to help, too. The market is typically too adversarial with vendors competing for a finite security budget, sometimes at the expense of the customer who ends up with a top-heavy product portfolio.
While budgets on information security defenses are predicted to rise this year, simply throwing money to meet regulatory requirements don't secure an organization by any means. The record shows that organizations have been investing record amounts of money in cyber-security solutions, yet the number of security-related incidents seems to be increasing. While this increase in funds indicates information security is finally gaining the attention it deserves, spending effectively needs to be at the forefront of every organization regardless of size. If high spending levels are reaping low levels of success, organizations must evaluate whether they need new security defenses or better educate their staff to address their organization's needs.
Creating a Cybersecurity Mindset
To that end, cyber-security is a 24/7 discipline and requires a combination of technical measures, procedures, and working practices to maintain solid defenses. And it's precisely for this reason that organizations will continue to get breached unless a cyber-security mindset becomes second nature for all employees. Keeping the message of security in the forefront of your employees will help instill the seriousness and benefits of maintaining an effective corporate cyber-security program.
Cyber-security takes many different forms and the range and nature of today's threats are so sophisticated that it often seems like quite a daunting task for corporations to undertake. From capturing and defeating APTs, stopping phishing attacks, to insider threats and hacktivism, the scope of cyber-threats corporations' face is overwhelming and can leave employees to wonder where do we even start? Implementing NNT's intelligent Breach Detection solution is a great place to start.
While there may be no such thing as 100 percent security, implementing layered and 360-degree disciple can help instigate and then maintain security. By increasing funding in the realm of information security, organizations will improve their cyber-security and cyber-readiness, so long as organizations focus on getting the security fundamentals right and to not chase the newest ‘must have' product.