Did you know that your procrastination could cost you more than security would? The price of indecision is high, yet many remain complacent when it comes to security.
Over the past 21 years, working in the IT security sector, I have heard every excuse in the book about the reasons why security budgets get pushed to the bottom of the boardroom agenda.
The reasons are many, such as management trusting that the “IT guy” is taking care of security because he or she told them so. Others feel that they would never be targeted by a hacker, or that they have nothing of value that a hacker would want. Many place a tremendous amount of faith in outsourced IT companies that do not specialize in security, trusting that they know what they are doing.
Statistically, companies that use these excuses are the primary victims of cyber-attacks.
Here are some sobering statistics:
- Human error is still the number one challenge facing IT security
- Security breaches have increased 67% since 2014 (Accenture)
- 95% of security breaches are caused by human error (Cybint)
- 45% of breaches featured hacking, 17% involved malware and 22% involved phishing (Verizon)
Despite these alarming statistics, many companies continue to play “Spin the Wheel” when it comes to choosing whether to do something about security, or not.
Why is security being ignored? Why is it so often avoided or not discussed in the board room, or in operation meetings? The short answer is that many are at a loss as to where to start. Roadblocks such as where to spend the budget, who should take on the task, or who should be responsible are concerns shared by most companies. The result is that the topic of security is most often shuffled into the next meeting, and nothing gets done.
Hackers count on this, and they prey on businesses because those businesses are usually ill-equipped and unprepared for what is to come. Sadly, 43% of all cyber security attacks target small business, and smaller organizations (1-250 employees) have the highest targeted malicious email rate, 1 in 323.
So, what does this mean? Bluntly speaking, it means that if you’re not convinced that security is worth preparing a budget for, you should plan for the worst possible outcome.
Ransomware, malware and spyware should be a major concern to all companies, regardless of size or stature. Hackers will target a company using carefully crafted phishing emails that coerce the user into divulging sensitive information that can be used to gain further access into the corporate network. The same phishing email could carry a ransomware payload that could render the entire company’s IT infrastructure inoperable, costing untold amounts of money to repair, not to mention the amount of the ransom demand.
If you need further convincing that a security budget is a good idea, please consider the following:
You might ask yourself, what steps would you take when your company falls victim to a ransomware or other cyber security attack? Does your company have a plan? Has the plan been rehearsed? How much downtime could your company afford? What reputational damage would your company face? What about loss of consumer confidence and trust? What is that worth?
Does your company have the budget to cover the cost of a security breach? What about the cost of computer and network infrastructure overhaul or data recovery, if that is even possible? Statistically it is not.
These and many other motivating factors are worthy of consideration. The good news is that getting started on creating a security budget and rolling out a security plan is less expensive and not as complex as you may think.
In the next article, we will be covering how to determine budget requirements, how to identify what needs to be protected, and where the most effective and cost-effective place to start is.
About Jim Kootnekoff
Mr. Kootnekoff has been working in the cyber security industry for more than 21 years. Beginning in 1999, Mr. Kootnekoff formed his first cyber security company in Tokyo, Japan. In 6 short years, he grew the company to become the number two ranked security company in Japan, serving Fortune 500 companies as well as local and federal government.