July 28, 2015

Security Budget: Snowden Isn’t the Only Reason to Increase It

If you follow cyber security news, you know that the Edward Snowden situation has led to a huge increase in the U.S. government’s security budget.

Snowden is the former National Security Agency subcontractor who left the country in 2013 and leaked top secret information about the NSA gathering the phone and email records of all Americans.

According to a story at sputniknews.com, the Information Security Oversight Office (ISOO) reported that the U.S. Department of Defense almost doubled its IT budget – to $6.6 billion – in 2014 following those revelations.

Unfortunately, it often takes a serious security breach – caused by insiders or outside information thieves – to drive an organization to increase its security budget.

“Last year’s non-stop parade of breaches showed CEOs and boards how detrimental a lack in security investment can really be to an enterprise’s health, let alone their own job security,” wrote a columnist at businessinsights.com.

As a result, many analyst firms say security spending is finally on the rise.

Gartner, Inc., an information technology research company, forecast IT security spending to increase 8.2% in 2015 to $77 billion (it increased 8% in 2014 as well).

Forrester Research shows that 40% of firms expect to increase their network security spending in 2015.

A blogger at forrester.com even pointed to double-digit growth in security budgets in some sectors. “Retail and other industries like healthcare, have a short window of time to get their security house in order before cybercriminals turn their sights on them.”

Here are the areas that the experts say need to be supported most this year by the information security budget.

DATA LOSS PREVENTION:

A Gartner IT Key Metrics Survey showed that this segment had the fastest growth (18.9%) in the security budget. Invest in the right technology, including access control, intrusion prevention, identity management, and virus and malware protection.

MOBILE DEVICES:

A Ponemon survey by Raytheon last September showed that 52% of organizations and employees frequently sacrifice security practices for efficiency of mobile connectivity. Implement a BYOD policy, and equip all mobile devices with Internet security software, encryption, and remote wipe capabilities.

SECURITY AUDITS:

Security audits and information security checklists help identify specific threats to your business - and then you can create strategies to combat them.

INCIDENT RESPONSE:

No matter how much you spend on defense, some attacks will get through. Create a comprehensive data breach response plan that includes technologies to detect and defeat attackers.

STAFF:

According to an article at CSO.com, understaffing of security professionals will lead to unsecured work projects and an inability to respond properly to incidents. Appoint a Chief Information Security Officer (CISO), hire security-trained personnel, and build and maintain an information security program and culture of security in the organization.

AWARENESS AND SUPPORT:

Employee training is critical. What will also help? Human-facing technologies that protect employees from information thieves (they’re alerted, for example, if they’re targeted by spear phishing).

DOCUMENT MANAGEMENT:

Implement policies and procedures that protect confidential information from creation of documents to destruction. For example, partner with a document shredding company for secure on- or off-site destruction of documents that are no longer needed. Be sure the company provides hard drive and e-media destruction services too.

Do you know the vulnerable areas in the office for a potential data breach? Use this information security infographic to find out. Does your office have some gaps? Find out how paper shredding and hard drive destruction services can improve security in your business.