Gartner: key to security not more money but better management

Analyst warns that it is not necessarily the material loss caused by a security failure that will hurt, but the fines and penalties with failing to secure data that will ultimately punish businesses.

Organisations that do not sufficiently protect their customers from loss of data are likely to face increasing financial penalties, analyst firm Gartner has warned.

The cost of a data breach to a company may rise by as much as 20 per cent this year and next, it has predicted.

But other research carried out by Gartner suggests that as much as 90 per cent of attacks designed to screw money out of companies could be avoided without an increase in security expenditure. This can be achieved mainly through better management and monitoring of security vulnerabilities as well as introducing identity and access management features to IT systems.

The problem that security managers face is less from mass external attacks than targeted attacks like phishing and identity-theft based penetration, suggests the company. Investments in intrusion prevention, vulnerability management and network access control have paid off when it comes to beating off the majority of viral and trojan attacks, but it is intrusions based on "legitimate" user identity is now the main threat.

"The biggest attack risk to organisations comes from targeted attacks," said John Pescatore, vice president and distinguished analyst for Gartner. "Being aware of 'inside out' communications and being able to block those as effectively as 'outside in' is becoming increasingly important. Security strategies must reduce the cost of dealing with mass attacks to free up investment and personnel resources to evolve capabilities for dealing with these more-complex targeted attacks."

The key is not spending more money but better management of resource, says Gartner, highlighting the fact that it sees no clear link between organisations that spend the most on security and organisations that are the most secure.

"The key is to identify major technology changes and start taking steps to reduce the cost of dealing with today's mature threats - viruses, worms and denial-of-service attacks - to free up funding and manpower to influence the new systems and business processes that are being built today and that will bring on the next generation of threats," said Pescatore.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
What are SSH keys?
cyber security

What are SSH keys?

7 May 2021
Google’s about to push everyone into two-factor authentication
Security

Google’s about to push everyone into two-factor authentication

6 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021