Security technology investment is no guarantee of protection against the latest threats. Recent studies by the Ponemon Institute indicate that despite serious business investment in equipment, there was still a 58 percent year-on-year increase in malware incidents, with the average cost of a cyber attack incurring a massive $6.1 million penalty.
In order to truly improve data security, every business must first consider a few key things: What are you protecting? What is it worth to you? What are you protecting it against? And what are the consequences of failure? These questions also need to be asked repeatedly and regularly – the shifting demands of employees, customers and other stakeholders together with evolving compliance standards cannot be resolved by point products alone, however sophisticated.
The modern data security challenge is made even more complex by employees accessing company resources internally and externally by any means at hand, including untrusted cloud platforms and their own personal devices. Rarely intentionally malicious, these practices add intelligent identity management and granular user authentication as extra security overheads to a list that already includes data leakage, malware, exploits and hackers. These multilayered risk and security challenges can only be met with a blend of technology, consultancy, commitment, resolution and a genuine willingness to adapt.
IT managers must continue to mitigate all these issues by taking the smartest precautions that they can to manage them effectively and strike a balance between security, productivity and cost. A thoroughly planned, practical security strategy will always help to improve protection levels, while also reducing costs. Businesses must take a risk-based approach; develop objective security plans that are prioritized and actionable; gain a better understanding of actual risks, costs and benefits; and then invest time, money and effort primarily in those areas that are of greatest value.
Achieving this will always demand cultural change, collaboration and measured partnerships – and not merely a stack of sophisticated security equipment.