You would think that, given the ruinous financial and reputational consequences of data breaches, companies would take them seriously and do everything possible to prevent them. But, in many cases, you would be wrong.
The global cost of cybercrime is expected to exceed $2 trillion in 2019, according to Juniper Research’s The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation report. This is a four-fold increase when compared to the estimated cost of cybercrime just four years ago, in 2015.
While the average cost of a data breach is in the millions and malicious attacks are on the rise, 73 percent of businesses aren’t ready to respond to a cyber attack, according to the 2018 Hiscox Cyber Readiness Report. The study of more than 4,000 organizations across the US, UK, Germany, Spain and the Netherlands found that most organizations are unprepared and would be seriously impacted by an attack.
Why are organizations unprepared to deal successfully with such breaches? One potential issue is the toll working in cybersecurity takes on both CISOs and IT security professionals. One report indicates that two-thirds of those professionals are burned out and thinking about quitting their jobs. This is bad news when some 3 million cybersecurity jobs already are going unfilled, leaving companies vulnerable to data breaches.
In the executive suite, CISOs recently surveyed by ESG and the Information Systems Security Association (ISSA) said their reasons for leaving an organization after a brief tenure (18 to 24 months) include corporate cultures that don’t always emphasize cybersecurity and budgets that aren’t adequate for an organization’s size or industry.
We’d add one other factor: companies are often afraid to try new technology that can solve the problem.
Given the ongoing nature and potential negative impact of data breaches, all those factors need to change. Why put an organization, employees and clients under stress and at risk when there are solutions to not just managing, but eliminating data breaches?
Our clients have had particular success in identifying and stopping data breaches by using Splunk on AWS, which together offer a secure cloud-based platform and powerful event monitoring software. We are big believers in the combination, and we think that CISOs who are serious about security should be investigating their use. AWS dominates the cloud market and Splunk has spent six years as a Leader in the Gartner Security Information and Event Management (SIEM) Magic Quadrant, so we aren’t the only ones who are confident in their abilities.
Other technologies that monitor and identify potential issues do exist. The point is: learn the lessons offered by the disastrous data breaches of recent years and build a system that’s meant to prevent them. Yes, that might mean hiring skilled and experienced people and spending money to do it right, including a major technology overhaul if you haven’t already moved to the cloud.
But it’s a safe bet that hackers will continue to hack, and every organization that handles data is at risk. Building a technology foundation today that guards against potential issues tomorrow (or sooner) is the smart way for you to avoid becoming a news headline yourself.
Ready to Protect Your Company? As the only Splunk Premier MSP and Elite Professional Services partner in North America, TekStream is uniquely positioned to ensure your Splunk security solution is implemented successfully and your SOC is managed properly. Learn More.