You can have the best, most up-to-date security solution in the world, but if you or your colleagues don’t practise good habits for staying safe and secure online, even a cybersecurity budget on the scale of Bank of America’s 2015 budget of US$400 million can leave an organization vulnerable.
Varonis estimates that cybersecurity spending has increased by 141% since 2010. Gartner forecasts up to US$124 billion will be spent on IT security in 2019. Siddharth Deshpande, research director at Gartner, attributes part of the increased spending, particularly on security services, to persisting skills shortages and regulatory changes like the EU’s General Data Protection Regulation (GDPR).
"Security and risk management has to be a critical part of any digital business initiative," he said.
Technology is no panacea for vulnerabilities
According to SolarWinds, internal factors are just as big a cybersecurity threat as external factors, if not bigger.
It’s not only about the [security] solutions!
That was the comment made by Kathleen Walker, principal product marketing manager at SolarWinds, while discussing the results of a yet-to-be-released report on the state of cyber threats in Asia-Pacific.
Correcting the habits
The human factor necessitates corrective measures, chief of which are behavioural. Walker suggested having an effective annual training programme for employees.
“Having training interactive, and maybe making it a little, spending time to make it look great so that your employees really engage with it. That's critical because insiders are really going to be your largest source of security threats – your people,” she added.
Walker noted that most employees are well-intentioned people who make mistakes.
“I think the most common security bad practice probably circles around passwords. We're asking our employees to access so many different things and have unique and strong passwords for all those things. This puts a real burden on them when they're trying to just do their job more efficiently,” she commented.
Companies need to put in place tools and policies that can help employees get access to what they need without having to remember a dictionary of passwords.
But in addition to an effective training programme, organisations need to keep employees aware of the goings-on in other companies outside the business.
“These efforts are to remind them of some of these things that are really important around beyond just security hygiene, including trying to minimize those mistakes,” she concluded.
In this exclusive video, Walker addresses other issues relevant to any organisation’s cybersecurity posture and strategy:
Most common security bad practice: 00:31-00:55
Addressing the human vulnerabilities of risk management strategies: 00:56-01:19
The myth of a one-size-fits-all security strategy: 01:20-01:45