As we begin another year in the information security industry, I've been mulling how far we've come...as well as how far we still have to go.
We seem to be at a tipping point of sorts. This last year saw cybersecurity go mainstream in some of the biggest ways to date. Most assuredly it has been a more frequent point of discussion among everyday citizens, politicians and others for some time, but 2016 saw the topic take a wider lead.
PBS specials on it hit, congressional confirmation hearings saw it bandied about like a ping pong ball, the average consumer is growing increasingly distrustful of the data security protections of the companies with which they do business, and the happenings go on. From presidential debates, during which we witnessed a much-maligned and dated stereotypical view emerge in the form of a “400-pound hacker” reference, to the largest data breaches in history taking place (along with massive delays in reporting these) thanks to Yahoo!, to predictions that 2017 will usher in the first nation-state cyberattack being acknowledged as an act of war, cybersecurity is facing some interesting times.
Yet, with all the heightened chatter (and perhaps worry), a question remains: Will companies begin taking their information security needs seriously by effectively investing (maybe better than just) adequate dollars, time, resources and people? Many organizations still are floundering here, of course, but there are those industry pundits who believe that, just as last year arguably saw the most heightened interest in cybersecurity events and vectors of attack overall, 2017 will find a growing number of executives and board members placing more pressure on their CISOs or other cybersecurity leaders (that is, if they actually have them in place already) to tighten up their organizations' information security plans and solution implementations – an area of focus that these business leaders have too often given short shrift.
This view may be quite accurate given some recently reported findings. For example, the 2016 Ponemon Cost of a Data Breach Study revealed that the typical loss for each record pinched by a cybercriminal spiked to $158. So if a company faces millions or even billions of records stolen, it could face serious impacts to revenue streams and perhaps, for some SMEs, close its doors completely.
Compound these increases in data loss costs with those requiring companies to become compliant with more stringent regulations, such as the EU's General Data Protection Regulation and others, and executives will find their budget allocations associated with cybersecurity expenditures necessarily jumping. Add to these the crucial needs to shore up security controls associated with expanding cloud-based infrastructures, a widening array of endpoints (mobile security is this hardcopy edition's focus, in fact), and newer and impactful technologies in the forms of IoT and AI, and information-security-related requirements grow even more acute.
With the dizzying array of security products and services currently on the market, investing in the right solutions and finding the most knowledgeable pros to manage these so that they effectively underpin business needs will continue to be challenging. However, this tipping point will either see organizations embracing cybersecurity as an enabler and differentiator to their organizations, which likely could contribute to their profitability and consumer loyalty and trust, or they will continue to coast with hopes customer records or intellectual property won't be breached. But, with many security vendors noting that 2016's cyberattack trends point to a rise in criminals targeting the theft of money-making data, from social security and debit/credit card numbers to health records, the latter move could prove the tipping point of no return for these companies.