Pushing past shock and yawn
Contributing Reporter Lee Sustar calls out in a piece this month the “shock and yawn” response of consumers to the constant stream of data breaches. As mainstream users become more expectant of massive compromises of personal information – whether the incidents are qualified as the now oft-used “mega” or not – cybercriminals show no sign of giving up on using current tactics and finding new ones to steal data whatever their endgames may be.
Meanwhile, IT security pros, vendors and service providers are doing what they can to address the onslaught, Sustar notes. Whether this is happening with any degree of success is arguable, but perhaps we can assume that although we're hearing about frequent attacks we could be seeing even higher numbers of compromises if not for concerted efforts by IT security leaders and their bosses to shore up their overall security operations.
Maybe this is wishful thinking given that there likely are plenty of these same companies currently experiencing a breach of which they're still unaware, with data being siphoned off slowly. However, recent research does seem to bear out that corporate leaders are acting on the understanding that sound information security strategies are crucial. Long time coming, I know.
...more companies are being more strategic about security than in the past.
Still, out of some 2,900 IT and business “decision-makers” in medium-sized organizations across 11 countries and vertical markets, a little more than half are beginning to spend their security budgets on actually implementing security plans as opposed to reacting to threats, according to the Global Technology Adoption Index 2015, which was commissioned by Dell. Now, while a mere 54 percent isn't a number to necessarily celebrate, it does show that companies in the mid-sized market – which historically haven't been the most proactive when it comes to long-term security planning – are realizing the needs here.
Further, the research reveals that in North America and Western Europe, more companies are being more strategic about security than in the past. For 35 percent of respondents in North America this time around compared to 25 percent last year, “Security is being used to enable new things or drive a competitive advantage,” states Dell's report. For respondents based in Western Europe, there's a jump from 26 to 30 percent.
Again, small numbers, I know. And the actual spend levels on security show even less support for mass optimism: Overall, only about one in five organizations actually have comprehensive security plans in place and their annual IT spend level is less than $100,000, states the study. Spend levels grow more disheartening as one reads on. However, at least some action is being taken, right? Some leaders in medium-sized companies are making moves in the right direction?
My point is that if a little more than half of corporate leaders acknowledge they no longer can react to today's fast-moving threat landscape, that's a positive. Do they need to hurry up about it? Spend more and be strategic and effective with that spend? Get some strong strategies in place and diligently update them? Hell, yes, to all these and more.
But, being 100 percent safe from compromise will never be the reality, as Sustar's article calls out. Yet, more companies and their execs than before are trying to catch the bus. The hope is that those landing under it will continue be fewer and fewer with each IT security strategy and budget implemented.