Businesses Have to Get Serious About Security

By Erik Linask July 21, 2015

It should be a simple prioritization. In light of the increasing number of security breaches across industries, security should find itself at the top of the list of IT priorities today. From Target to Anthem, from AshleyMadison.com to the U.S. Office of Personnel Management, and countless others, the number of breaches, and consequently, those impacted, continues to rise at an alarming rate. PwC’s 2015 Global State of Information Security Survey, in fact, suggests a 66 percent CAGR in detected security incidents since 2009. 

While large institutions are obvious targets and tend to attract most of the malicious activity, smaller businesses should be aware of their connections to larger ecosystems. Sophisticated cybercriminals can, in fact, seek to exploit security weaknesses at smaller partners in order to infiltrate the entire ecosystem community—something most large businesses don’t typically look for.

And the one thing we can be certain of is that, as the world becomes even more connected, the frequency of hacks will only increase. WIRED’s Andy Greenberg, for instance, just published his account of sitting in a Jeep Cherokee while it was being hacked. While his scenario was voluntary, it highlights something we’ve known for years, yet obviously automakers haven’t taken seriously enough—the potential devastation if cars can be hacked.

Naturally, cost is an issue. But, when weighed against the potential damage from a breach, one has to wonder why so many businesses aren’t investing more in their security. Earlier this year, I discussed the issue with ViaWest’s CTO Jason Carolan, who suggested there is some willingness to spend more on security than in the past but, in most cases, it’s nowhere near enough.

“If you were to really take the [security related] events of the past few years as an important set of situations, if you didn’t at least double your security budget, you probably aren’t investing enough,” he said. “I don’t think an additional 20 percent is enough, because of the sophistication and the amount of layers you now need to orchestrate and protect.”

Incidentally, he also mentioned his own security budget had close to quadrupled over the past three years. He acknowledges proper security isn’t cheap, but says those that have appropriate measures in place sleep better.

And that brings me, in a bit of a long-winded fashion, to what really prompted me to think about security today: a report from Randstad Technologies that shows a fundamental lack of regard for and understanding of the impact of insufficient security.

With an October 1 deadline looming for transitioning to EMV-capable technologies, the number of IT decision makers (42 percent) that have yet to begin planning for the migration, or have no knowledge of progress, is astounding. Even more astounding is that more than half are not concerned about the risk associated with missing the deadline, although that isn’t as surprising when you consider that more than a quarter of respondents feel that newer “chip and PIN” security measures are not more secure than older “chip and signature.”

“I’m surprised there's such a disconnect between companies’ seriousness about the EMV transition and their actions to make it happen,” said Dick Mitchell, Randstad Technologies Solutions Director. “I'm even more surprised that there is anyone – let alone 28 percent of respondents – who believe Chip and Signature is more secure than the technically superior Chip and PIN.”

Not surprisingly, the majority of respondents also believe the migration deadline and liability shift (at the deadline, businesses that have not migrated to EMV-capable technologies will be liable for fraud resulting from their lack of implementation) should be delayed. Will it help? Perhaps, for a few.

Historically speaking, however, businesses have not been willing to spend enough on security measures until forced into it, so it’s likely that a delay would only result in a similar situation 6 or 12 months later.

The bottom line is that, in a connected world, all involved parties—businesses, customers, vendors, financial institutions—bear the burden of responsibility for information privacy and data security. The only way it can be effective, however, is for each party to maximize its security presence to limit exposure. Or, the other way to look at it is, assume the other parties involved aren’t doing enough, so it all falls on your shoulders—or risk being the next in a long line of hacked businesses. Someone will, that much is certain.




Edited by Dominick Sorrentino

Group Editorial Director
