It’s 2017 Folks, Where’s Your Cybersecurity Plan?
Cybersecurity threats continue to shift and change, and many businesses may be wondering how to respond. As 2017 wraps up, many of these same businesses may be just beginning their efforts to develop a comprehensive cybersecurity plan and policy. While the shortfall of expertise and resources devoted to cybersecurity is only expected to get worse in the coming years, there are a few steps any business can take to address the biggest threats of today with confidence.
Hackers and cyber threats are like the mythical hydra: as soon as you cut off one head, two more spring up in its place. Who is there to slay metaphorical monster? As we pointed out in a blog post on the lack of cybersecurity experts, there is expected to be a global deficit of 1.5 million experts by 2020. If you are among the 93 percent of IT managers who already feel overwhelmed, this is unwelcome news.
A Lack of Experts + Employee Awareness
According to Crowd Research Partners’ 2017 Cybersecurity Trends Report, which polled 1,900 security professionals, perceptions of the biggest obstacles to cybersecurity are: a lack of cybersecurity experts (45 percent), a lack of budget (45 percent) and a lack of cybersecurity awareness among employees (40 percent). The same report also found 54 percent of security pros expected a successful attack on their company in 2017, with 46 percent increasing their budget by an average of 21 percent.
Even the healthcare industry, so protective of its data in no small part due to the regulatory requirements placed on it, has been bled over $6.2 billion following attacks, with 90 percent of organizations reporting a data breach in the last two years. Now, 81 percent of U.S. health organizations and 76 percent of those globally will increase their cybersecurity spending in 2017, taking important proactive steps and not simply reacting to successful attacks..
Budgeting for cybersecurity should not be brushed away from the laundry list of IT priorities any business has. In 2017, it should be seen as a core organizational priority. The 2016 Ponemon Cost of Data Breach Study found data breaches cost companies an average of $4 million, with each stolen record worth $158. Could your business afford that?
The International Data Corporation say organizations spent $73.7 billion on cybersecurity globally last year, with that number expected to go up to $101.6 billion in 2020. While more than half of IT pros reported spending more on cybersecurity in 2016, 86 percent still do not feel confident about their situation. Obviously, setting the right priorities with a cybersecurity budget is still elusive to many. .
To help you do that, here are some tips for how to push a successful cybersecurity plan in 2017.
IT Admin and Managers: Upgrade Your Game
It is usually less expensive to augment resources you already have than to bring in new ones. Consequently, 54 percent of organizations see training their internal IT staff as a way to counteract a cybersecurity skill shortage. Raising awareness and expertise among the IT leaders you already have is the fastest way to improve your defenses. Upper management should insist that IT admins and managers are constantly ahead of the curve, and provide them with the time and resources to stay there.
Educate You User
On top of ensuring your IT team is on top of the latest trends, try to limit the potential for human error. When it comes to cybersecurity, people are the most vulnerable point of attack. The root cause of over half of security breaches is human error. As The Health Foundation discovered, all it takes is one IT manager and a little help from HR to see a marked improvement in user responses to phishing attacks.
Check out our blog post on preventing human errors in cybersecurity for some handy tips! The first among them is to have regular (as needed) sessions to ensure your teams can spot a threat before you fall victim to the same attacks that so often make headlines.
Moving on up to the Cloud
Transferring security to the cloud may require an investment, but it’s worth it. As we noted in our blog post “Cybersecurity Trends: Cloud Protection Solutions”, cloud-based email and endpoint security solutions will continue to grow in popularity through 2017 and beyond because of their ability to keep up with the growing number and mobility of user devices, while also providing increased security against physical hacks and natural disasters. Budgets for cloud-based services are expected to increase by 3 percent in 2017.
Minding Your Email!
With 91 percent of hacks starting with a phishing email and a 6000 percent increase in ransomware attacks in 2016, protecting your organization’s inboxes has never been more important. Working with a reputable cybersecurity vendor (like Vircom) ensures you can get full email protection coverage including attachment defence, targeted phishing prevention, encryption, archiving, data loss prevention and more!
Work with a Managed Services Provider (MSP)
As an IT manager may not have the time or skills to handle every part of your organization’s cybersecurity efforts, outsourcing to a Managed Services Provider (MSP) or a Managed Security Service Provider (MSSP) is a viable option. The best will work with you to provide security that is tailored to your company’s needs. Given the global shortage of cybersecurity experts, and the risks and costs of bringing on new staff, it’s worth looking into.
Have a Cybersecurity Plan and Let It Evolve
Overall, you need to know that the plan you develop must be able to evolve. With the rate at which threats change, grow and become increasingly costly, you need to have a clear protocol ensuring you and your company will always be one step ahead of the hackers.
If you need help with your business’ cybersecurity strategy or budget, Vircom is here to help. Get in touch with us today!
What would you say is a good formula for determining budgeting for cybersecurity? Is it only based on costs of getting hacked? I’m with a company, with about 50 employees – don’t really think I can make the case to spend 100k a year for an it admin + cybersecurity tools (we aren’t an IT company).