Businesses Have to Get Serious About Security

It should be a simple prioritization. In light of the increasing number of security breaches across industries, security should find itself at the top of the list of IT priorities today. From Target to Anthem, from AshleyMadison.com to the U.S. Office of Personnel Management, and countless others, the number of breaches, and consequently, those impacted, continues to rise at an alarming rate. PwC’s 2015 Global State of Information Security Survey, in fact, suggests a 66 percent CAGR in detected security incidents since 2009. 

While large institutions are obvious targets and tend to attract most of the malicious activity, smaller businesses should be aware of their connections to larger ecosystems. Sophisticated cybercriminals can, in fact, seek to exploit security weaknesses at smaller partners in order to infiltrate the entire ecosystem community—something most large businesses don’t typically look for.

And the one thing we can be certain of is that, as the world becomes even more connected, the frequency of hacks will only increase. WIRED’s Andy Greenberg, for instance, just published his account of sitting in a Jeep Cherokee while it was being hacked. While his scenario was voluntary, it highlights something we’ve known for years, yet obviously automakers haven’t taken seriously enough—the potential devastation if cars can be hacked.

Naturally, cost is an issue. But, when weighed against the potential damage from a breach, one has to wonder why so many businesses aren’t investing more in their security. Earlier this year, I discussed the issue with ViaWest’s CTO Jason Carolan, who suggested there is some willingness to spend more on security than in the past but, in most cases, it’s nowhere near enough.

“If you were to really take the [security related] events of the past few years as an important set of situations, if you didn’t at least double your security budget, you probably aren’t investing enough,” he said. “I don’t think an additional 20 percent is enough, because of the sophistication and the amount of layers you now need to orchestrate and protect.”

Incidentally, he also mentioned his own security budget had close to quadrupled over the past three years. He acknowledges proper security isn’t cheap, but says those that have appropriate measures in place sleep better.

And that brings me, in a bit of a long-winded fashion, to what really prompted me to think about security today: a report from Randstad Technologies that shows a fundamental lack of regard for and understanding of the impact of insufficient security.

With an October 1 deadline looming for transitioning to EMV-capable technologies, the number of IT decision makers (42 percent) that have yet to begin planning for the migration or have no knowledge of progress is astounding. Even more astounding is that more than half are not concerned about the risk associated with missing the deadline, although that isn’t as surprising when you consider that more than a quarter of respondents feel that newer “chip and PIN” security measures are not more secure than older “chip and signature.”

“I’m surprised there's such a disconnect between companies’ seriousness about the EMV transition and their actions to make it happen,” said Dick Mitchell, Randstad Technologies Solutions Director. “I'm even more surprised that there is anyone – let alone 28 percent of respondents – who believe Chip and Signature is more secure than the technically superior Chip and PIN.”

Not surprisingly, the majority of respondents also believe the migration deadline and liability shift (at the deadline, businesses that have not migrated to EMV-capable technologies will be liable for fraud resulting from their lack of implementation) should be delayed. Will it help? Perhaps, for a few.

Historically speaking, however, businesses have not been willing to spend enough on security measures until forced into it, so it’s likely that a delay would only result in a similar situation 6 or 12 months later.

The bottom line is that, in a connected world, all involved parties—businesses, customers, vendors, financial institutions—bear the burden of responsibility for information privacy and data security. The only way it can be effective, however, is for each party to maximize its security presence to limit exposure. Or, the other way to look at it is, assume the other parties involved aren’t doing enough, so it all falls on your shoulders—or risk being the next in a long line of hacked businesses. Someone will, that much is certain.




Edited by Dominick Sorrentino

Group Editorial Director
