How Much Cybersecurity Is Enough?

Posted on Oct 3, 2016

For decades, IT focused on service rollout and fulfillment while security was considered an afterthought. Instead of being baked in from the start, it was bolted on after the fact.

These days, that approach simply will not suffice, because cyber threats are everywhere. Consider that yesterday’s hackers were typically individuals driven by curiosity or, at worst, mischief. Today’s hackers are more likely to belong to criminal organizations driven by profit or, at worst, state-sponsored terrorism.

Yesterday’s malware was relatively simple stuff—easily recognized, blocked and eradicated. Today’s malware is far more complicated, conceals its own presence and activity using encryption and compression, and sometimes even includes polymorphic capabilities that leave it able to exploit multiple attack vectors in an unpredictable sequence.

Apply security in proportion to business priorities.

Organizations looking to protect against advanced modern threats like these know that security must be more tightly integrated than ever into networks, computational hosts, and the service delivery cycle in general.

Yet, protection can’t come at the expense of innovation. Business growth, customer satisfaction, market share, and quarterly profits all ultimately emerge from the unique value offered by an organization’s products and services.  

If security compromises that value, the business outcome can’t be good. For instance, if security is applied so rigorously that network services slow to a crawl, customers are likely to turn elsewhere for faster services.  

A smart approach to security, therefore, balances security requirements with business goals. To do this, you need to intelligently allocate resources in proportion to business needs and priorities. This way, the most important assets get the most comprehensive protection.

A good illustration of how that idea might apply in a practical sense is evident in the financial space, via services like online banking. The paramount priority in this context is clearly the area of user validation and authentication: Who can log in; how secure is the log-on process; what can users do once they’re inside; how are financial transactions monitored, logged, and executed?

Customers will clearly have no tolerance at all for an insecure network that allows unauthorized access to critical liquid assets like cash and equities. Any financial institution’s security budgeting should take this into account.

A formal assessment can help.

For many organizations, how to assign priorities beyond that point is not quite so black and white. They may have hundreds of different services, covering everything from Web hosting and e-commerce to internal communications and collaboration.

Determining how best to prioritize them, allocate resources accordingly, and optimally secure the network against the most dangerous threats is a complex area in which they might well benefit from a trusted, informed partner: one who can perform a cyber threat assessment that gets you the facts (exactly how and where you should invest in more security), then recommend and deploy leading solutions and strategies based on the results. Read more about our approach to security and its role in business prosperity.