Few business leaders are oblivious to the proliferation of cybercrime, particularly in light of high profile events such as Petya and WannaCry. But awareness does not always result in action, particularly when budget and skills constraints hamper large-scale revisions of security strategy.
A complete ‘rip and replace’ of security technologies and strategies can be a prohibitively costly exercise. In addition, with (ISC)2 predicting a shortage of around 1.8 million information security professionals globally by 2022, there are already widespread reports of fierce competition to attract and retain information security expertise. In the face of these constraints, many large enterprises might opt to simply ‘put their heads in the sand’ and hope they will not be targeted.
Some large enterprises may also have a false sense of security due to the fact that they have information security teams and strategies in place that ‘have always worked in the past’. And for multitudes of small and medium-sized businesses, there is a serious lack of awareness of cyber risks, and inadequate skills in place to mitigate them.
Can you afford not to?
In an environment in which increasingly sophisticated cybercrime is proliferating, and where there is a viable business case for ransomware, businesses can’t afford not to improve their cyber defences.
Potentially vulnerable new endpoints are being brought into the enterprise daily, through new mobile devices, connected cameras and authentication devices, and IoT systems. Information security policies can become outdated in as little as six months. And around the world, the number of victims and the scale of losses is growing steadily, so it’s only a matter of time before cybercriminals ‘come knocking at your door’.
The impact can be catastrophic, lasting far beyond the fallout from the initial breach. The real costs of cybercrime can be significantly larger than the initial financial losses – there is reputational damage, the potential loss of customers and partners, and the real possibility that a business may have to start again from scratch in the event that all its core data is lost.
The good news
Reinforced cyber defences need not require substantial capex and restructuring. Instead, cybersecurity can be enhanced in a phased approach, starting with core systems and key priorities such as compliance with international standards and legislation.
The support of a trusted security partner simplifies the process of identifying quick wins and big impact projects and offers a viable solution to the lack of skills and infrastructure.
A low-cost, but crucial, step in improved cybersecurity is implementing sound security rules and policies; including post-breach protocols.
Another low-cost measure is to educate the so-called ‘human firewall’ – a key vulnerability in most organisations.
While no security solutions can guarantee 100% impenetrability, it is possible to deter criminals, making your enterprise an unattractive target. Implementing the most advanced, multi-faceted solutions and strategies mitigates risk, supports compliance and fosters trust among your stakeholders, ultimately helping to grow your business.
By Mayleen Bywater, senior product manager for security solutions at Vox