An exclusive research by Gartner predicts that information security expenditure would exceed $124B by the end of 2019 globally. Despite this steep hike in cybersecurity investments, the number of cyberattacks escalated drastically this year. Most of the industries suffered badly as cyber crooks turn up with more sophisticated techniques among which identity theft tops the list inflicting heavy losses. As we have already reached the last quarter of 2019, the number of data abuse incidents have already increased 3.5 times compared to 2018 and is expected to reach almost 8 times by the year end.
It is definitely a grave concern that the number of cyber-attacks are growing despite huge IT security expenditures. Typically organizations make mistakes when it comes to tread a balance between IT security & convenience. Some of the common mistakes are as follows:
Sometimes organizations tend to overlook deploying critical security safeguards in spite of high risks in the IT ecosystem. There is a tendency to think that too much of upgrade in IT infra will hurt IT operational efficiency. So the investments are typically on firewalls, Intrusion Detection Systems and other advanced network security solutions. However, some of the other critical safeguards that protect the inner real such as user behavior analytics, privileged access management are overlooked. This mistake creates a security gap. Data breach mainly happens when end-users are not controlled and endpoints are not protected.
Lack of Resources:
If the non-IT management and IT security department is not on the same page in the matter of IT operational security then it could result in a catastrophe. Organizations often make mistakes when it comes to wisely distributed resources. Very often capital expenditures (CAPEX) and operational expenses (OPEX) are tilted in favour of growth, marketing and business expansion. Thus an adequate level of resources are not allocated towards IT security.
Resistance to change:
It has been seen that organizational culture and employees’ mindset often create a barrier in building a strong IT security infrastructure. While CTOs, CISOs and CSOs widely acknowledge the competency and importance of Privileged Access Management (PAM) to monitor user behaviour, the mid-level employees or the IT users resist this change due to several wrong notions. We have discussed this in detail in one of our recent blogs. This resistance hinders organizations from strengthening their IT security and eventually increases cyber risks.
IT infrastructure requirement is not static but insider threat is omnipresent:
Different industries have different IT security requirements. However they all require robust access control because insider and third-party threats are found everywhere. Eg. data driven organizations from e-commerce, BPO or BFSI industry requires robust access control, the utility industry needs to protect critical infrastructure such as SCADA systems from targeted attacks or insider threats, while modern operations and logistics need to protect their IoT devices that collect and transmit real-time data for Big Data Analytics. Healthcare industry on the other hand, store and process millions of customer records/ patients’ personal data. For this, a strong user authentication mechanism is required to ensure authorized access to highly confidential information.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables to monitor end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.