Seven ways security can cost your business
Most organisations have a pretty good sense of the potential fallout from security breaches. However, the truth is that data breaches are growing in number, and the financial cost is growing too. The average cost of a data breach has nearly doubled in the past five years, from $6.46 million in 2010 to $12.9 million today*.
Stuart Mills, regional director, ANZ, CenturyLink, said, “The costs aren’t just monetary. Organisations must understand the other risks including damage to reputation and leaked intellectual property. Customers and users place an enormous amount of trust in the companies with whom they do business. A single breach can damage that trust forever. And, if intellectual property is leaked it could sound the death knell for any organisation.”
What organisations should consider when implementing, updating, and enforcing their security policy:
Threats are increasing at an exponential rate. For instance, there are millions of malware variations that enterprises must defend against, but it’s difficult for signature-based malware detection to keep up.
There are more distributed denial-of-service (DDoS) attacks than ever before, and they vary widely; they can be highly targeted or generic, long in duration or short. And then there are application attacks, often targeted at financial systems, which can bring a company to its knees. What’s even more problematic is that most organisations have already been breached—they just don’t know about it.
Employees often leak data because security policies are not enforced. Internal threats can be just as common and just as damaging as external threats. Internal threats are often inadvertent, stemming from a lack of oversight as well as from disgruntled employees who leak sensitive data right after they’re fired.
When it comes to security, one key oversight is lack of training. It is imperative that employees know what the security policies are, all the way from what devices they can use to what applications they can download.
More organisations are struggling with shadow IT, which is the use of hardware or software that is not supported or authorised by an organisation’s IT department. Shadow IT can range from developers using various Software-as-a-Service (SaaS) platforms to employees storing corporate data in cloud storage solutions like Dropbox or Google Drive. These solutions seem innocuous to most people, which is why employees need to receive comprehensive training about what is a security risk and what isn’t.
If your organisation isn’t compliant, it’s unlikely to be secure. Consider whether the organisation would pass a compliance audit for security and Payment Card Industry (PCI). Complicating matters is the fact that many organisations don’t even know that governmental compliance regulations apply to them.
The right partners
More organisations are choosing to outsource security operations. But when it comes to outsourcing security, it’s truly a buyer-beware scenario. The first step is to understand exactly what needs protection, including devices, network, applications, and data. Then, determine which components of these are being outsourced. The second step is to choose the right partner or partners for those specific needs. Security is expensive, but not having security is even more expensive. Choose a vendor who can help make the right decisions around balancing performance, effectiveness and cost.
Physical security is the protection of people, hardware, programs, networks and data from any damage that might occur. If your physical system isn’t secure, nothing else matters. Yet physical security is one of the most overlooked aspects of a security strategy. The physical management of data centres includes security policies and procedures, security officer staffing, access control systems, video surveillance systems, standards compliance and physical security designs. Make sure the data centre complies with standards and conduct annual audits.
* “Business Data Breaches Get More Expensive Each Year: The State of Enterprise Security.” Enterprise Apps Tech News. N.p., n.d. Web. 24 Mar. 2015. Disaster Recovery Statistics. N.p., n.d. Web. 27 Mar. 2015. http://www.appstechnews.com
This article is contributed by CenturyLink, which provides network and data systems management, Big Data analytics and IT consulting, and operates more than 55 data centres in North America, Europe and Asia.