The increase in the number and type of cyber attacks and data breaches has sharply raised the profile of IT Security and Threat Protection for businesses. For those not working in IT, cyber security may seem like a relatively new phenomenon, but for experienced IT directors and managers the threat has built from a tidal swell to a major flood.
Research amongst our customers and vendor partners demonstrates that high-profile attacks such as those on FIFA, British Airways, Under Armour etc., and malware like WannaCry, NotPetya and GitHub have pushed the issue front-of-mind, stimulating thoughts on what the main pressure or pain points are for IT decision makers.
AVR has analysed the data and identified four key areas that are driving threat protection investment decisions.
The rapid growth in the number and type of endpoints or devices creates a much larger attack surface. Mobile devices are becoming increasingly more vulnerable to attack and Cloud applications can also be at risk. The challenge for each business is to fully assess and understand where the network is most vulnerable.
The AVR view is that regular Penetration Testing is a vital tool in helping to identify the weak areas.
Human beings make mistakes. Whilst security awareness training will undoubtedly help, the risk of someone innocently clicking an unsafe attachment is always present. Awareness of the location of all confidential data within the organisation and who can access it is an ever-present challenge for organisations but is critical in keeping data secure.
Data Loss Prevention, Identity Management and Encryption are essential security controls that will help meet the challenge.
Security solution vendors have traditionally focused on specific areas of attack, delivering solutions each with their own management and reporting tools, requiring costly supervisory resource. With multiple surfaces to monitor, increasing workloads, there is a concern that advanced threats could slip through unnoticed.
Installing a Complete Network-wide Solution could be the answer. Whilst this could require upgrading or replacing existing solutions where considerable investment has already been made, that cost will be considerably less than the downtime, loss of revenue and administrative fines (GDPR) caused by a successful attack or breach.
With this increased surface exposure beyond the network perimeter, security budgets will have to increase. Return on the investment may be difficult to justify, sometimes only proven when an attack has taken place. Some argue that it’s better to bear the cost of repairing after a breach has happened. However, with the Equifax breach reportedly costing $242 million and the £60 million cost to Talk Talk that’s a very brave or bold decision to make.
Small and medium sized enterprises have to carefully balance IT security investment and staff resources against other critical expenditure demands. In these situations, Managed Endpoint Security Services, where the responsibility for the management and monitoring of threat protection is outsourced can help to spread the cost.
AVR is on hand to help and advise with your decision making. Our technical and sales advisors are available to discuss your network structure and provide no-cost, no-obligation advice and information on the most appropriate route for your organisation. Feel free to call AVR on 01189 344 300 or email email@example.com. We will be delighted to help.