It can’t be a coincidence that security spending is rising after a year when its profile has never been higher. Whether or not your budget will increase this year, we have some tips to ensure you’re spending it effectively.
Events of 2017 provided ample ammunition for any infosecurity or IT professional to build a compelling case for security investment to boards of directors. By most estimates, the NotPetya ransomware outbreak cost more than $1 billion in damages worldwide. Similarly, the WannaCry ransomware caused massive disruption, forcing many companies back to the dark ages of pen and paper. The Equifax data breach became a byword for awful incident management, with security executives and the CEO ultimately resigning.
In years past, incidents like these were soon forgotten. But there are encouraging signs that a business audience is more receptive than ever to security messages. Last October, The Wall Street Journal ran a front-page story showing how CEOs are prioritising security. The article said they fear a breach could hurt their businesses and cost them their jobs. In early December, CNet declared that 2017 was the year when security awareness finally broke through to the mainstream.
Against this backdrop, Gartner has forecast that global security spending will rise to $96.3 billion this year. That’s an increase of 8 per cent over 2017 levels.
Let’s suppose your organisation is one of those lucky ones with more money to spend on security in 2018. Here are three tips from BH Consulting to help you direct security investment to where it’s needed most:
Make sure you’ve carried out a comprehensive review of your security from a business risk point of view. Rather than spending indiscriminately, this will guide you to addressing your key business risks appropriately.
Avoid silver bullets
Every year brings new must-haves, but before investing in the latest technology, make sure you’re addressing the basics. That means patching, access control, auditing and monitoring. As long as organisations continue to get the basics wrong, that’s what any increased spending should target first.
In previous years, advanced persistent threats and zero-day protection were the toys everyone wanted. Now it’s artificial intelligence. In BH Consulting’s experience, many A.I. security tools just apply automation rather than critical judgement. Will the tool you’re considering really address your business risks (see point 1)?
Carry out thorough due diligence on potential partners or suppliers to ensure they have a good track record. We’ve already seen how, with GDPR nearing, a spate of “experts” has begun appearing. When dealing with consulting companies or solution providers, first check how long they’ve been in this space. How much experience do their staff have? Who are their customers, and how much do their customers use them?
Ideally, your chosen provider should also have client references from similar types of business to your own. Look at peer reports and industry coverage of these companies to ensure they have the credibility they claim to have.
Interestingly, Gartner expects organisations will increasingly use outside help with security, in the form of consultants and managed service providers. That makes our third point especially relevant. With 2017 still fresh in our minds, here’s to a more secure 2018 for everyone.