If it seems there are more cyber-security breaches in the news recently, there’s a reason. The volume of breaches grew at an alarming 48 percent in 2014, according to a recent global study by PwC. The study also found that total financial losses from security breaches increased 34 percent during 2013. One of the most staggering findings was that the number of organisations reporting financial losses over $20 million as the result of a cyber-attack grew by 92 percent over the previous year.
How do we explain these disturbing figures?
First and foremost, it is now dramatically cheaper and easier for a cybercriminal to launch an attack than it is for an organisation to defend against one. It is cheaper than ever for hackers to purchase ready-made attacks, rent botnets and even buy complex malware as a subscription services—complete with 24/7 customer support! Because cyber-criminals are able to effectively execute their plans and make money at it (without much fear of getting caught) the trend will only accelerate.
The impact on organisations of all sizes is severe. Ironically, while the cost of committing cyber-crime has never been lower, it is getting substantially more complex to ensure an adequate security posture, and the costs of cyber security are mounting at an unprecedented pace.
Large enterprises may be able to afford a sophisticated security-in-depth architecture and teams of experts. However, organisation with limited budgets—small and mid-size businesses (SMBs), schools and local governments—must often make a perilous trade-off between quality of protection and overall cost.
Fortunately, there are key steps every organisation can take to improve their overall security without breaking the bank. We’ve identified five ways to build an enhanced security posture, while significantly reducing cost and operational complexity.
1.Reduce Deployment Complexity and Cost
Security products have traditionally been offered as hardware appliances that are installed within an organisation’s network. However, on premise security products are notoriously costly, time consuming and complex to procure and deploy. The cost of the hardware is actually just the tip of the cost iceberg: data centers, power, bandwidth, software and the specialised labor resources and time required to install, configure, and maintain these complex products add substantially to the overall cost equation.
It’s time to take a closer look at cloud-based solutions as well as hosted services offered by managed service providers (MSPs). Cutting down on hardware deployment and configuration tasks means the IT team can spend more time on meaningful security tasks—assessing, monitoring, and remediating issues in real time.
2.Eliminate On-Going Management Headaches
IT organisations are faced with an overload of security point products from multiple vendors. These products are typically impossible to integrate with each other, requiring substantial daily administration and dedicated IT resources. Servers must be internally monitored and managed, and frequently upgraded and patched. In addition, the lack of integration results in dangerous limitations in security visibility, weakening the overall security posture.
When faced with such daunting financial and staffing requirements, many companies bury their heads in the proverbial sand, hoping against hope that they won’t be breached. Security solutions must be more accessible, with easy set-up, automatic updates, flexible pricing models, and comprehensive coverage from a single vendor.
3.Improve Security Posture
Perimeter-focused, inflexible, stuck-in-silos security approaches are no longer a sufficient defense. IT teams don’t have the time or resources to address each threat vector in isolation; they need to maximise the effectiveness and efficiency of every IT dollar they spend. Integration, automation and flexibility are imperatives if companies hope to detect and remediate enough critical vulnerabilities to stand a chance against cybercriminals.
In an interconnected world, organisational boundaries are fluid and vulnerabilities are shared. Supply chains, third party vendors, and outsourced services all introduce potential entry points for bad actors. The more visibility IT has across the organisation, the easier it is to prioritise the protection of valuable assets, identify and fix gaps in coverage, enforce usage policies, and continuously monitor for unexpected activity.
A strong security posture is not only important because it protects your employees, customers, data, IP, and infrastructure. It also protects your partners; more and more it is a prerequisite for doing business with large enterprises. Many government regulations, industry compliance mandates, and insurance audits include security-related parameters. As everyone from suppliers to customers becomes more security-conscious, building confidence in your security status creates sustainable competitive advantage.Read more: Can funding open source bug bounties save Europe from mass-surveillance?
4.Keep Users Protected At All Times
On-premise security products were designed to defend the network against external attack. This was all very well when users, corporate applications and data operated from behind the corporate firewall and stayed there. However, those days are long gone.
In the era of BYO, organisations are concerned about employees and guests connecting to the corporate network from their personal mobile devices, accessing corporate data stored in public cloud applications, and working remotely while connected to public Wi-Fi. The potential attack surface has expanded from being the corporate network perimeter, which was challenging enough to protect, to encompassing a completely unbounded environment of personal devices, public network infrastructure, mobile and cloud applications, and service providers. In this scenario, multi-billion dollar legacy investments in perimeter security now offer little to no value.
5.Stretch Your Cash Flow
Even though the security landscape is getting more complex and the cost of traditional security protection is increasing, most IT departments are faced with flat budgets and rising demands on limited resources. The total cost of a cloud security solution is typically much lower than an on premise alternative. The difference in payment models between on premise products and cloud services amplifies the financial benefits of the cloud approach. Per-user pricing models, typical of cloud-based services, make it easier to scale in response to market fluctuations or rapid business growth.
On-premise security products are typically funded out of capital expense (CapEx) budgets. For example, a hardware product costing $30,000 would need to be paid upfront and then would be amortised as an accounting expense, typically over a period of three years. Contrast that with a cloud solution priced (for the sake of illustration) at $10,000 per year, funded out of the operating expense (OpEx) budget.
Although the annual expense impact on the company’s profit and loss in both scenarios would be the same –$10,000—the hardware product requires $30,000 of cash to be used upfront, whereas the cloud solution only requires $10,000 per year. Not only does the cloud service make better use of the organisation’s cash but, unlike a static hardware appliance, the cloud service is continually updated with the latest technology. In fact, chances are that the hardware appliance will need to be replaced much sooner than the three years over which the initial expense is amortised – at which point the organisation would be faced with another $30,000 expense!
This is one of the key reasons that so much technology spending is moving from on premise to cloud services. Categories such as sales force management, accounting, data storage, document management and telephony have made this switch. Over the next couple of years we will see security undergo a similar paradigm shift, as the multifaceted benefits of cloud-based solutions prove their merits.Read more: Security Watch: LogRhythm Appoints Cyber Security Veteran James Carder as CISO
The more things change, the more we need to be ready for it. There’s not much in the digital realm that stays the same, and that goes for digital crime, too. Everything about the way we work, play, shop, and communicate online is in a state of flux. Technology innovation seems to happen at warp speed these days; security products and services have to find a way to keep pace. Cloud technology is proving indispensable to meeting these challenges.
Multi-layered, cloud-based security services will play a huge role in the very necessary democratisation of security solutions. In order to make true cyber security accessible to all types and sizes of organisations, deployment and maintenance must be vastly simplified. Cloud-based security solutions directly address business and government needs for safer data, protected customers and partners, and reduced risk exposure. The best of these solutions should also deliver on the promise of reduced costs and complexity, relief from regulatory headaches, improved agility, and the opportunity to focus more energy and time on building sustainable and successful businesses.
This article was brought to you by Enex TestLab, content directors for CSO Australia.