Making the Business Case for Cybersecurity
There may not be a category of technology more important to a business than cybersecurity, especially as cyber actors become more skilled in their craft.
In 2021 and beyond, securing your organization’s network and information should get as much attention as your core IT infrastructure and endpoint devices. There is very real financial and reputational harm that can befall your business if you fail to adequately invest in cybersecurity, regardless of the size of your organization.
Cybersecurity is now a prudent part of doing business
Cybersecurity is no longer optional, as ransomware, phishing attacks, trojans and supply chain attacks continue to increase.
Since the start of the COVID-19 pandemic, the FBI’s cyber crimes unit has seen a 400% increase in cyber attacks. Ransomware gangs are becoming more sophisticated, and malicious actors are finding new ways to compromise the IT software supply chain to infiltrate government and enterprise networks.
According to Microsoft’s Digital Defense Report, the company blocked over 13 billion malicious and suspicious emails in 2019, including 1 billion that were URLs set up to launch phishing attacks. These numbers are only expected to grow for 2020 and beyond.
“With ransomware and data breaches on the rise, the odds are against you,” says Vince Crisler, CEO of cybersecurity software company Dark Cubed.
Cybercriminals are just as intelligent and tech-savvy as their counterparts in cybersecurity, but they have the added ability of going on offense, and they’re getting better at it.
“The speed to market that the bad guys have now is really impressive,” Crisler says.
No organization is immune from these threats
In today’s environment, no organization is immune to a cyber attack. Cybercriminals are evolving, constantly shifting to new attack methods and finding new victims who could be easily exploited for a hefty payday.
Large enterprises and small businesses alike need to be prepared with adequate email security, antivirus, backup and recovery solutions, says MJ Shoer, senior vice president and executive director of the CompTIA ISAO.
Small organizations often think that since they’re not big targets, they don’t have to invest in cybersecurity solutions. Or, they think that a breach is inevitable since even their larger counterparts can’t protect against one.
“But you still lock your doors and you still arm your alarm – even though neither one is going to prevent someone who’s determined to break into your place,” Shoer says. “But, you still do it because you try to make it as difficult as possible, so that they give up when they’re trying.”
If you do nothing, it’s no different than leaving your doors unlocked with the lights on 24/7.
In some cases, it’s a requirement
Increasingly, the supply chain of virtually any business is interested in just how secure your organization is, in order to avoid the possibility of a large-scale supply chain attack that could impact multiple levels of your industry’s ecosystem.
Law firms, clients, banks and even insurance companies – if they aren’t already – are going to start asking some tough questions about the security of your network.
Cybersecurity insurance is becoming a popular option, but those carriers have been known to increase premiums for an organization that shows a lack of interest in its own security.
“The insurance industry is putting a huge amount of pressure on all kinds of businesses to keep their cyber liability coverage,” Shoer says. “What insurer wants to be on the hook for a big breach if you’re not even doing the most basic things?”
More than a technology decision: a smart business decision
If the fear and uncertainty of the cyber threat landscape aren’t enough to convince your organization to invest heavily in cybersecurity solutions, then pitching a cybersecurity budget as a smart business move should be.
When factoring in cost alone, deciding to spend on cybersecurity solutions should be a no-brainer. The average cost of a data breach in the U.S. is $8.64 million, and some of the most notorious ransomware gangs now demand an average ransom well into six figures.
“I think it’s being smart about running a business,” Crisler says.
Although cybersecurity can be complicated and overly technical – and thus a hard sell to some executives – the conversation should be business oriented rather than technical.
“It’s a business conversation – not a technology conversation,” Shoer says. “The organization needs to understand what their risk profile is and how they could be attacked.”
Cybersecurity experts now believe that most organizations will eventually be infiltrated by a malicious actor, Shoer says.
“The question is, ‘Will they know it or not?’”