The cost of cybercrime is on the rise. In fact, this year the average annual losses to companies worldwide came out to $7.7 million, according to a new report from the Ponemon Institute and Hewlett Packard Enterprise.
Cybersecurity incidents are not only increasing in number, they are also becoming progressively destructive and target a broadening array of information and attack vectors. The issue is not whether a business will be compromised but rather how successful an attack will be, and a company’s security budget must be organized accordingly.
Financially, cybersecurity budgets seem to be on the upswing; respondents in the ISACA study reported expected increases in security budgets in the next year regardless of company size.
With an accelerated increase in spending on cybersecurity year after year, anyone would think that companies are winning the battle against cybercriminals. But because of influxes in viruses, network penetrations, and data breaches, it is becoming clear that simply throwing money at all of the new and shiny hardware or software available is not solving the problem.
Thus optimizing both SSL security and basic security practices becomes more important. Proper security approaches and management can help prevent costly data breaches and will help a company’s security costs stay within a budget.
First and foremost, invest in proper employee training. According to Lisa Lyons in SpiceWork’s annual report on IT budgets, “. . . Even in a high tech sector, your weakest point is your users. Ensure that all employees are being careful or train them to be better.”
Employee training and awareness continues to be a critical, but often neglected component of cybersecurity. Just half of survey respondents said they conduct periodic security awareness and training programs, and the same number offer security training for new employees.
PwC advises that companies implementing new technologies without updating processes and providing employee training are not likely to realize the full value of their spending. To be truly effective, a cybersecurity program must carefully balance technology capabilities with redesigned processes and staff training skills.
Planning for contingencies is critical to any organization’s cybersecurity budget.A study by Kenna Security looked at 50,000 organizations and 250 million vulnerabilities between 2015 and 2014; there were over a billion successful exploits discovered. Even more alarming, one of the reasons for this large number of successful attacks is the length of time it takes most companies to address a problem. The study found that on average, companies take up to 120 days to fix issues or they simply left them unpatched.
The study goes on to report that there is a 90% chance of a vulnerability being exploited if not fixed 40 to 60 days after discovery. Fortunately, there are a number of tools and platforms available to prioritize and simplify remediation—DigiCert, for example, offers a variety of tools to help prioritize SSL management and bolster security across an enterprise.
Managing the SSL infrastructure that maintains dozens of domains, hundreds of servers, thousands of PCs and devices, not to mention performing regular upgrades and other daily tasks, presents a challenge for any organization. This can also stress a cybersecurity budget. But the key is to minimize unnecessary spending on tools when there are efficient, low-cost options.
DigiCert offers powerful SSL-related tools and the best part: they’re free.
About three-quarters of surveyed IT pros consider their organizations at risk for technology, IT security, and man-made disasters or incidents. Many organizations don’t conduct regular security audits or update security practices to help protect against the worldwide increase in security breaches that can cost a company thousands of dollars, if not more. In other words, there’s still a lot of room for improvement when it comes to enterprise cybersecurity.
Developing an employee training course, paired with an IT department that is proactively preparing for attack and using the right tools to optimize SSL security are three aspects of a using a cybersecurity budget wisely. Enterprises should view cybercrime as a threat to the entire organization.