How Not to Waste Money on Cybersecurity – ITPro Today

Aug 18, 2022
Throwing money at security threats may be good exercise, but it won’t do much to deter data thieves, ransomware bandits, and other bad guys.
While enterprise security leaders usually do well at estimating threats and vulnerability, they often lack the ability to accurately assess business risk when making the case for sufficient security funding. “Cyber risk and its business impact is often put into technical language that the C-suite does not understand,” says John Gelinne, managing director, cyber and strategic risk, at business and advisory firm Deloitte. “As a result, translating threats and vulnerabilities into justifiable investments is often left to the tech team’s experience and judgment — insights that often trail evolving cyber threats.”
A common way enterprises waste money on IT security is by configuring their security plans and budgets based on the latest cybersecurity trends and following what other organizations are doing. “Each organization’s security needs will differ based on their line of business, culture, people, policies, and goals,” says Ahmad Zoua, director of network IT and infrastructure at Guidepost Solutions, a security, investigations, and compliance firm. “What could be an essential security measure to one organization may have little value to another.”
Poor planning and coordination can lead to needless duplication and redundancy. “In large organizations, we frequently see many products and platforms that have the same or similar capabilities,” says Doug Saylors, cybersecurity co-leader for technology research and advisory firm ISG. “This is typically the result of a lack of a cohesive cybersecurity strategy across IT functions and a disconnect with the business.”
Organizations often layer security products on top of each other year after year. “As security teams and leadership, such as CISOs, leave the organization, new team members and leaders bring in new security products,” says Charles Everette, director of cybersecurity advocacy for cybersecurity firm Deep Instinct. “As the security solutions pile up, there’s a tremendous amount of wasted resources and capital as solutions — basically shelfware — don’t perform as expected due to not being updated nor keeping up with newer and more sophisticated attacks.”

Read the full article on our sister site, InformationWeek.
 