Best Practices 10-26-2015

Managing Cyber Crime & Cybersecurity Budget

Katie Macdonald

The cost of cybercrime is on the rise. In fact, this year the average annual losses to companies worldwide came out to $7.7 million, according to a new report from the Ponemon Institute and Hewlett Packard Enterprise.

Cybersecurity incidents are not only increasing in number; they are also becoming progressively more destructive and targeting a broadening array of information and attack vectors. The issue is not whether a business will be compromised but rather how successful an attack will be, and a company’s security budget must be organized accordingly.

Using a Cybersecurity Budget Wisely

Financially, cybersecurity budgets seem to be on the upswing; respondents in the ISACA study reported expected increases in security budgets in the next year regardless of company size.

With an accelerated increase in spending on cybersecurity year after year, anyone would think that companies are winning the battle against cybercriminals. But because of influxes in viruses, network penetrations, and data breaches, it is becoming clear that simply throwing money at all of the new and shiny hardware or software available is not solving the problem.

Thus optimizing both SSL security and basic security practices becomes more important. Proper security approaches and management can help prevent costly data breaches and will help a company’s security costs stay within a budget.

Train Employees on Best Security Practices

First and foremost, invest in proper employee training. According to Lisa Lyons in Spiceworks’ annual report on IT budgets, “. . . Even in a high tech sector, your weakest point is your users. Ensure that all employees are being careful or train them to be better.”

Employee training and awareness continue to be a critical but often neglected component of cybersecurity. Just half of survey respondents said they conduct periodic security awareness and training programs, and the same number offer security training for new employees.

PwC advises that companies implementing new technologies without updating processes and providing employee training are not likely to realize the full value of their spending. To be truly effective, a cybersecurity program must carefully balance technology capabilities with redesigned processes and staff training skills.

Always Expect Potential Breaches

Planning for contingencies is critical to any organization’s cybersecurity budget.

A study by Kenna Security looked at 50,000 organizations and 250 million vulnerabilities between 2015 and 2014; there were over a billion successful exploits discovered. Even more alarming, one of the reasons for this large number of successful attacks is the length of time it takes most companies to address a problem. The study found that on average, companies take up to 120 days to fix issues or simply leave them unpatched.

The study goes on to report that there is a 90% chance of a vulnerability being exploited if not fixed 40 to 60 days after discovery. Fortunately, there are a number of tools and platforms available to prioritize and simplify remediation—DigiCert, for example, offers a variety of tools to help prioritize SSL management and bolster security across an enterprise.

Use Available Tools for Security Optimization

Managing the SSL infrastructure that maintains dozens of domains, hundreds of servers, thousands of PCs and devices, not to mention performing regular upgrades and other daily tasks, presents a challenge for any organization. This can also stress a cybersecurity budget. But the key is to minimize unnecessary spending on tools when there are efficient, low-cost options.

DigiCert offers powerful SSL-related tools, and the best part is that they’re free.

  • SSL Installation Diagnostics Tool—SSL optimization goes beyond merely purchasing a certificate. The Installation Diagnostics Tool allows you to type in the name of your server and check if a certificate has been properly installed and configured.
  • Express Install—the traditional certificate deployment process can be simple and efficient. DigiCert Express Install allows users to install SSL Certificates directly to their servers with just a couple of mouse clicks, and standardizes the deployment process to reduce installation errors and save time and hassle.
  • Certificate Inspector—improperly installed and configured certificates are the most common source of SSL vulnerabilities. DigiCert’s Certificate Inspector scans the network to detect all certificates in use, examines configurations and implementations, and delivers critical certificate health information back to the admin.
  • Certificate Monitoring—tracking all possible vulnerabilities is not an easy task. DigiCert’s Certificate Monitoring provides a comprehensive overview of all SSL Certificates, allowing admins to detect phishing attempts, prevent fraud, and stop unauthorized SSL issuance.

Cybersecurity Investments Should Be Cost-Effective and Comprehensive

About three-quarters of surveyed IT pros consider their organizations at risk for technology, IT security, and man-made disasters or incidents. Many organizations don’t conduct regular security audits or update security practices to help protect against the worldwide increase in security breaches that can cost a company thousands of dollars, if not more. In other words, there’s still a lot of room for improvement when it comes to enterprise cybersecurity.

Developing an employee training course, maintaining an IT department that proactively prepares for attack, and using the right tools to optimize SSL security are three aspects of using a cybersecurity budget wisely. Enterprises should view cybercrime as a threat to the entire organization.

