Businesses Have to Get Serious About Security


It should be a simple prioritization. In light of the increasing number of security breaches across industries, security should find itself at the top of the list of IT priorities today. From Target to Anthem, from AshleyMadison.com to the U.S. Office of Personnel Management, and countless others, the number of breaches, and consequently, those impacted, continues to rise at an alarming rate. PwC’s 2015 Global State of Information Security Survey, in fact, suggests a 66 percent CAGR in detected security incidents since 2009. 

While large institutions are obvious targets and tend to attract most of the malicious activity, smaller businesses should be aware of their connections to larger ecosystems. Sophisticated cybercriminals can, in fact, seek to exploit security weaknesses at smaller partners in order to infiltrate the entire ecosystem community—something most large businesses don’t typically look for.

And the one thing we can be certain of is that, as the world becomes even more connected, the frequency of hacks will only increase. WIRED’s Andy Greenberg, for instance, just published his account of sitting in a Jeep Cherokee while it was being hacked. While his scenario was voluntary, it highlights something we’ve known for years, yet obviously automakers haven’t taken seriously enough—the potential devastation if cars can be hacked.


Naturally, cost is an issue. But, when weighed against the potential damage from a breach, one has to wonder why so many businesses aren’t investing more in their security. Earlier this year, I discussed the issue with ViaWest’s CTO Jason Carolan, who suggested there is some willingness to spend more on security than in the past but, in most cases, it’s nowhere near enough.

“If you were to really take the [security related] events of the past few years as an important set of situations, if you didn’t at least double your security budget, you probably aren’t investing enough,” he said. “I don’t think an additional 20 percent is enough, because of the sophistication and the amount of layers you now need to orchestrate and protect.”

Incidentally, he also mentioned his own security budget had close to quadrupled over the past three years. He acknowledges proper security isn’t cheap, but says those that have appropriate measures in place sleep better.

And that brings me, in a bit of a long-winded fashion, to what really prompted me to think about security today: a report from Randstad Technologies that shows a fundamental lack of regard for and understanding of the impact of insufficient security.

With an October 1 deadline looming for transitioning to EMV-capable technologies, the number of IT decision makers (42 percent) that have yet to begin planning for the migration or have no knowledge of progress is astounding. Even more astounding is that more than half are not concerned about the risk associated with missing the deadline, although that isn’t as surprising when you consider that more than a quarter of respondents feel that newer “chip and PIN” security measures are not more secure than older “chip and signature.”

“I’m surprised there's such a disconnect between companies’ seriousness about the EMV transition and their actions to make it happen,” said Dick Mitchell, Randstad Technologies Solutions Director. “I'm even more surprised that there is anyone – let alone 28 percent of respondents – who believe Chip and Signature is more secure than the technically superior Chip and PIN.”

Not surprisingly, the majority of respondents also believe the migration deadline and liability shift (at the deadline, businesses that have not migrated to EMV-capable technologies will be liable for fraud resulting from their lack of implementation) should be delayed. Will it help? Perhaps, for a few.

Historically speaking, however, businesses have not been willing to spend enough on security measures until forced into it, so it’s likely that a delay would only result in a similar situation 6 or 12 months later.

The bottom line is that, in a connected world, all involved parties—businesses, customers, vendors, financial institutions—bear the burden of responsibility for information privacy and data security. The only way it can be effective, however, is for each party to maximize its security presence to limit exposure. Or, the other way to look at it is, assume the other parties involved aren’t doing enough, so it all falls on your shoulders—or risk being the next in a long line of hacked businesses. Someone will, that much is certain.




Edited by Dominick Sorrentino

Group Editorial Director
