“Change is challenging. And security is like a moving target, so make sure you are able to deal with and work through frequent changes.”
– Unknown
As we close out cybersecurity awareness month in October, let’s revisit what cybersecurity is, or rather, what cybersecurity should be. Cybersecurity seems to be a concept that individuals, media agencies and companies throw around, and often it’s incorrectly defined and, even more often, ineffectively delivered.
It’s more than firewalls and virus protection. It’s more than passwords and employee education.
As technology and threats change, so too does cybersecurity. As speed and connections increase with the escalation of the Internet of Things and the 5G deployment, it becomes increasingly important to look at what cybersecurity should look like in your organization.
While cyber awareness has increased with headline-inducing breaches over the past decade, the core problem remains: how can, and should, businesses protect themselves and their customers when so much of our interaction is digital? When we are this connected, a single one-off security product will not be enough to protect a business.
What’s the point of cybersecurity?
The goal of cybersecurity is maintaining safe and stable business operations – that means the data is safe, the network is safe, the devices are safe, and the people are safe. The ultimate goal of cybersecurity is maintaining business as usual, even in the face of cyber threats.
A 2018 study from IBM found that the cost of lost business due to a system shutdown after a breach for US organizations is $4.2 million. The problem is, many security solutions just isolate the infected device or file system. Isolation helps stop the problem but is detrimental to operations. In a digital age, forcing your company offline to deal with or avoid cyber threats is no longer a viable option.
It’s also not enough to simply train or blame employees. Cybersecurity is intended to ensure operations remain safe and stable – that means employees need protection (sometimes from themselves). That puts the onus on the security solutions. Many organizations invest in one-off products to address specific cybersecurity needs. The result is cybersecurity application sprawl.
So many security products, so little time
“In 2004, the global cybersecurity market was worth $3.5 billion — and in 2017, it was worth more than $120 billion. The cybersecurity market grew by roughly 35X during that 13-year period.”
Today, cybersecurity products come in many forms: endpoint protection systems (EPS), security information and event management (SIEM), unified threat management (UTM), and cloud and Kubernetes cybersecurity options, to name a few. Cybersecurity Ventures predicts that global spending on cybersecurity products and services will exceed $1 trillion cumulatively from 2017 to 2021 — and that the cybersecurity market will see continuous growth of 12-15 percent year-over-year through 2021.
A practical cybersecurity approach is multi-layered, with tiers of protection spread across all the devices, networks, programs, or data that must be kept safe. In a company, there must be alignment between the people, processes, and technology to create a successful cyber attack defence. A unified threat management system can detect, investigate, and remediate quickly and efficiently.
Some companies are running 80 plus security products simultaneously. This sprawl is ineffective for three reasons:
1) It’s not an aligned approach and may not be appropriately tiered for adequate coverage (some areas may be overprotected, while others are left vulnerable).
2) With that many solutions, it’s impossible to ensure that what has been purchased is working correctly.
3) Most likely, you are wasting money on solutions that are ineffective or overlap.
That may sound like an excellent position for a company to be in, with so many vendors providing security for an organization’s business efforts. But it actually signals that there is too much noise in the security market. CISOs and IT departments don’t want to manage 80 products — they want a holistic cybersecurity solution that works and involves fewer vendors.
Security sprawl leaves your company vulnerable.
“The sad reality is that few IT security teams have real data to back up what they believe to be the real problems. If the CEO were to ask the IT security team, privately, individually, what the top threats to their organization were in order of importance, the CEO would probably be shocked to see that no one really knows the answer.”
Security application rationalization can save an organization $2 million or more. Without a proper vulnerability assessment, security plan or security management, your company is likely paying for security technology that it doesn’t need or use. By consolidating vendors, a company can reduce its total cost of ownership by 22-28 percent. ISA Cybersecurity Inc. can help you create a cohesive security management plan that is appropriately tiered and unifies technology, people and processes.
According to the World Economic Forum, over $1 trillion in damages can be ascribed to cybersecurity incidents in 2018. If you want to see the anatomy of a cyber attack, our strategic partner, Cisco, has made a short video overview of how a ransomware attack could play out.
With ever-growing cyber risks and the escalation in damages from cyber attacks, it’s crucial to know what cybersecurity should be. You need security solutions to limit the disruption of operations while protecting employees. You require security services that proactively short-circuit malicious activities, and that can change and adapt to how businesses operate.
Let ISA Cybersecurity Inc. help you create a holistic security plan with technology from the best vendors in the business. Together, we can create a layered cybersecurity architecture to limit potential damage and better protect your company. To celebrate cybersecurity awareness month, why not book a consultation with ISA Cybersecurity and see what your security options are?