Unfortunately for many organizations, the best security and compliance tools don’t come cheap. Nor will these security essentials become less expensive in the future, as hackers’ techniques become more sophisticated.
By Sue Poremba
A new Gartner study reveals that in order to protect against growing cybersecurity threats, typical IT organizations will likely spend up to 30 percent of their budgets on security by 2017 — triple the amount spent just a few years ago.
Security Shouldn’t Be So Complicated
According to a Network World article, IT expenses are increasing, in part, because of the way companies approach security. Threats that were common five years ago have fallen by the wayside and been replaced by complex new attacks that use sophisticated tactics. Despite this shift, many security protocols continue to focus on the old style of threats, and new security tools for modern threats are simply built on top of old systems. This makes security more complicated to monitor, and the end result is often a security failure.
Instead of using this outdated approach, companies need to rethink the way they budget for risks and take a simpler path of integration when it comes to security and compliance. According to the Network World article, Gartner suggests organizations move their investments from 90 percent prevention and 10 percent detection and response to a 60/40 budget split.
Looking for Outside Help
If companies want to remain viable, changes in the way they approach security and compliance are a necessity, not a luxury. With news of breaches and compromised data becoming an almost weekly occurrence, there are plenty of examples of how much damage one incident can do to a company’s reputation and financial bottom line. As security experts have repeatedly said, it’s no longer a matter of if a company will fall victim to an attack, but a matter of when.
Realistically, 30 percent of the IT budget — as Gartner predicts will become the norm — seems like a lot of money to spend on security, especially because technologies change at a rapid pace and new regulations often require companies to replace hardware and software in short periods.
Simplifying security and creating a better balance between detection and response may require some outside help. By consulting with a managed service provider (MSP) who specializes in security, IT departments can build a strategy that works for the company, meets industry compliance and regulations, and keeps the budget under control. With the guidance of an MSP, IT departments will be able to install the right technologies and keep up with the rapidly changing threat landscape.
Cybercriminals are more than willing to exploit old security systems. Yes, money will have to be spent to thwart their efforts, but with the right partnerships and the right approach, security and compliance don’t have to break the budget.