For all the infosec hurdles to overcome, we can build a bright future if the enterprise can pull together.
We often talk about the enormous challenges facing IT departments around the world. The consumerization of IT, driven by the BYOD trend and coupled with mobility, has given birth to a wide range of serious security threats. As the enterprise increasingly relies on the cloud to provide software, infrastructure, and platforms as services, safeguarding valuable company data is an entirely different prospect than it was even just a decade ago.
But for all the hurdles to overcome, there is mounting evidence that businesses no longer have their heads buried in the sand — or stuck in the cloud! There’s a growing realization that cybersecurity requires budgetary commitment, sincere collaboration, and a solid strategy. If the enterprise can pull together, with government backing and the right expertise, we can build a bright future that’s secure from cybercriminals.
Money, money, money
We’re not going to solve the problem by throwing money at it, but it certainly helps, and it’s also indicative of a deeper understanding of the underlying threats and potential costs of a data breach.
The Ponemon Institute found the average cost of a data breach in 2014 was $3.5 million, a 15% increase from 2013. The enterprise is starting to realize that it’s an awful lot cheaper to provide a proper budget for security now than it is to pay through the nose later.
Companies are growing more aware of threats, and this is leading to a greater allocation of resources. Gartner estimated that worldwide information security spending rose 7.9% last year, reaching a total of $71 billion, and it’s set to grow another 8.2% this year to hit $77 billion.
According to the 2015 Piper Jaffray CIO Survey, security is the top spending priority for CIOs in 2015, just as it was in 2014. An impressive 75% of respondents expect to increase security spending this year, and that comes on top of an average 2% growth in annual IT budgets.
The U.S. Government is also weighing in. President Obama identified cybersecurity as a priority in his budget and asked for $14 billion to boost defenses for 2016. That’s an increase of $1.5 billion compared to this year, and it includes funds for a Civilian Cyber Campus intended to bring agencies together to focus on cybersecurity issues. That spirit of collaboration extends to the private sector.
The White House summary stated, “Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity.”
With greater pooling of resources and sharing of knowledge, threat identification and neutralization will become easier and more efficient. There’s strength in numbers.
Proper planning and education
You need resources to build security, but budgets must also be allocated wisely. When we looked at what the military can teach us about cybersecurity, we identified the need for proper planning and a system to enforce policy rules. Buying an expensive piece of security software or employing consultants to provide a snapshot of your security health is not going to be enough. You need an ongoing plan and expertise.
Thankfully, more and more knowledge is starting to filter through into the private sector, as experts from the military, the FBI, the NSA, and the Department of Homeland Security move into business and share their insight and best practices.
More businesses are starting to understand the value in educating their own workforces on security. Establishing programs to ensure that staff are aware of vulnerabilities and the potential for cyberattacks is important. Companies can leverage much greater value from existing security systems and policies by teaching staff good habits, and it’s also important that they understand the potential impact of a breach.
Looking beyond cybercriminals to the threat of nation-sponsored attacks, it makes sense for all of us to pull together. If the government and the private sector truly collaborate, we will see a decline in the threat level. The first stage was to recognize the level of the problem, and the scale of recent breaches has opened a lot of eyes. Now it’s time to work with each other to build ourselves a secure future. In tech we trust!
This article was recently published in Network World.