Where Does Security Fit in Your 2020 Budget?
When we plan our future in the cyber world and think about security, what do we need to improve in our world? We ask ourselves the question why? And the reason is that there are a lot to attack and there are a lot of bad people. We need to understand how do we invest more in cybersecurity and get results and how can we block this thing?
The World Economic Forum from Jan 2019 rated cyberattacks in top 5 risks to the society, and it is number 1 in terms of man-made risks. 11% more was spend on cybersecurity in 2019. 46% of all the companies were affected and 36% of all consumers globally lost data.
Why budget for cybersecurity?
We have heard a lot about data collection and data analysis. In physical world, we have time. We can collect intelligence. We can process it. And we can run faster than the bad guys and we can send our armies to fight those bad boys. In cybersecurity we have no time because the damage can be right here, right now.
Generation of cyberattacks:
There are five generations of cyber-attacks and we are facing the fifth generation; where you can take all the previous elements and multiply them with a few factors of sophistication.
Generation 5 Vulnerabilities:
In 2018, 17000 new vulnerabilities were seen. These are more than double than two years earlier. All our infrastructure is suspicious. Here we talk about all our mobile phones that breach our security. If you think you are secure, this year, 700 vulnerabilities were found in mobile operating system. Our cloud infrastructure maybe the weakest link. It is not because the cloud is bad, the mobile and cloud companies are doing their best to secure its infrastructure but inherently it’s interconnected. Every cloud is almost connected to 15 other applications. Vulnerability in any of its sub section can lead to full penetration to its infrastructure.
Generation 5 attacks:
- Attacks are large scale (across country and industry)
- Attacks are multi-vector (network, cloud, mobile)
- Attacks are created at commercial and government grade tools.
Protection to current level attacks:
Most enterprises todays are still at the first generation of security. The average security level is 2.8. only 3% of the enterprises think they are protecting themselves from the fifth generation of attacks.
We have too many solutions and too much complexity. Earlier, there used to be a single bad file for the virus. Today that file can come to us in at least 9 different ways or attack security. So, we need to protect all of those. It can come through an email, it can come through a file server, or it can come through a mobile device. There are 8 different technologies that can be used to find that malware. So, we have, 9*8, 72 different combinations just to protect one single file. In a broader picture, if we need to defend cybersecurity on the enterprise, the number is huge. And the vectors and technologies are increasing ever year.
Problems for a small business security:
In 2018, 60% of cyber-attacks were against small businesses. In 2019, the percentage has only increased. In 2020, the percentage of cyber-attacks against small businesses will be close to 70%. It is also estimated that in 2020, the cost of cyber-attacks is going to be 5 trillion dollars. And if 70% of the attacks are against the small businesses, then obviously the small businesses are going to pay for a lot of that 5 trillion dollars.
With cyber-attacks, there are many ways it affects the small businesses. One way is if the small business is attacked with something like a ransomware; the ransomware can render the system useless, for maybe one or two weeks. So, the small business cannot provide the service to generate the revenue. So, basically, they are dead in the water for a week two and they can’t produce anything to generate revenue. that alone can take a small business out of business. The other way is that if the small business’s client data is stolen, then typically the small business has to pay, for every record that has been stolen due to a lack in cybersecurity.
How do we solve cybersecurity?
There are three key principles:
Step up to generation 5:
Set up your security level from Gen 3 to Gen 5. Use advanced capabilities on firewall or end point system.
Consolidate the technologies into one best solution.
Huge amounts are spent by enterprises in building systems to detect the attacks. We spend 80% on detection and only 20% on prevention of these attacks. This trend is wrong. We need to change it. We need focus on prevention. We should spend 80-90% on technologies that can block these attacks out before they even occur. That is how we will reduce our risk surface and block them. So, we should focus most of our energies in prevention and the rest in analysing and processing. It is also important, but it should be a minority of the investment.
What Should You Budget for Security in 2020?
1. Cybersecurity Solutions
- Get an Advanced Endpoint Protection so that you can sleep better in a world with integrated anti-malware and DLP.
- Data Encryption is important to keep your data safe in a range of formats
- Dark Web Scanning is the key as you and your employees are connected to business applications through usernames and passwords. Digital credentials are the most valuable assets in the Dark web.
2. Cybersecurity Insurance
Cyber Insurance helps businesses cover the recovery costs associated with any kind of cybersecurity incident including:
- Breach and event response coverage
- Regulatory coverage
- Cyber extortion
3. Backups & Ransomware Protection
The best way to defend against ransomware is to implement a range of cybersecurity protections that will keep your data protected, no matter what happens.
- Firewall is your first line of defense. A firewall is a solution that maintains the security of your network. It blocks unauthorised users from gaining access to your data.
- Network Monitoring: Your IT guy should be keeping an eye on your systems around the clock and addressing any suspicious activity immediately to prevent any damage.
- Data Backup: You should make a reasonable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when needed.
In the near future, cybersecurity will be the number one item on all business's profit and loss sheet. Businesses should start including cybersecurity as a priority. The cost of a comprehensive cybersecurity program is a small price to pay for the peace of mind you'll enjoy knowing your company is better protected. Let us help you secure your business today: Book a Consult!