With Cyber Breaches Hitting Record Highs, Now Is NOT The Time To Reduce Your Technology Budget.
More and more businesses are reporting security breaches in 2015. Why are some business owners electing to lower their IT budgets and why that may not be the best idea.
The data breaches that took place throughout 2014 were certainly eye-opening for many businesses. If one thing was made certain, it’s that no company, no matter the size or how recognizable, is safe. Adobe was hit. eBay was hit. Target, The Home Depot, and JP Morgan Chase all suffered high-profile breaches too.
On top of that, healthcare breaches have been on the rise compromising the secure information of million and millions of patients. Breaches are costing companies more than ever before, and hackers are becoming more resourceful and cunning than ever.
2014 Was an Eye-Opener
- News of so many breaches has lit a fire under many executives – they’re talking about making their budget allocations a lot higher when it comes to security and protection for their businesses.
- Fallout from the breaches has shaken many higher-ups, especially after seeing how they’ve affected those in authoritative positions.
- While just a year ago so many CEOs were optimistic about their cybersecurity, 2014 is going to go down as a year that changed the game forever.
Incidents – and Costs – are On The Rise
- A major and persistent issue last year was that many applications designed to keep the internet secure were found to be vulnerable. First, there was a security flaw dubbed “Heartbleed” in April, which allowed hackers to steal data. In September, Shellshock emerged, giving hackers the ability to execute commands of their choice on targeted systems. POODLE was next, allowing cybercriminals to steal cookies and then use those to carry out attacks.
- So what contributed to this problem? A number of things, to be sure. Not only were CEOs unwarrantedly optimistic in previous years, but hackers continued to get stronger and smarter as businesses grew more confident.
- The number of incidents discovered last year rose to a staggering 42.8 Million – that’s an increase of about 50% from the year before.
- Another troubling fact is that the financial losses associated with these incidents have also grown exponentially, about 53% higher than in previous years.
Why Are Security Budgets Flat?
- Surprisingly, most IT security budgets remained flat last year. One possible explanation is that costs are generally lower thanks to the cloud, virtualization and employees increasingly relying on their own devices to complete tasks.
- What some aren’t accounting for is how little they know about these new tools. CISOs need to pay attention to how their data is spread through mobile devices, on premise clouds, and any third-party vendors.
Data-Driven Security Solutions
- In a survey done this year, 64% of respondents said that they use big data analytics to help improve their security programs. Of those, 55% said that it has helped in detecting incidents.
- Businesses of all sizes are using data more often; they’re checking their logs more, turning to their security information and monitoring tools, and they’re examining the data that they’re collecting in a more intelligent way.
- While it’s not quite certain how to leverage the data most effectively, businesses have to be applauded for trying. It’s an area of increased investment that will hopefully continue to pay off and make businesses more knowledgeable and safe.
Using Data to Your Advantage
- So how do businesses get ahead by using data? There’s the tactic known as threat modeling, where you determine what your valuable data and files are to potential hackers. Figure out the ways those adversaries could plausibly get access and build a threat model around that scenario.
- Another approach is to zero-in on your data activity. There’s a lot of security-rich data within traffic logs, from application and database logs to transaction data or authentication and log-in data. Check these regularly and keep an eye out for anomalies that deviate from the norm.
- Improved analytics tools could help security teams not only to better understand the data they collect, but also what to do about persistent threats and attacks.
To talk about security with an IT team that understands the threats you’re facing, contact C.D.'s IT Consulting LLC at firstname.lastname@example.org or by phone at (317) 522-1362 ext 2.