Are you spending too much on IT security?
Fed up with enterprises using lack of budget as an excuse for not securing data properly, Davey Winder investigates whether organisations could actually do more with less.
As a company with a reputation for building mission-critical IT systems for the defence and aerospace industries, Thales has an understandable interest in IT security spending.
Which is why I was surprised to find myself reading a report (http://www.thalescyberassurance.com/white-papers.htm) commissioned by the company which suggested businesses may be spending too much on IT security by over-protecting non-sensitive data.
Depending upon your company's appetite for risk" she explains "no data is ever considered as non-sensitive.
Ross Parsell, director of cyber strategy at Thales UK, warns that, while the volume and scale of cyber-attacks show no signs of slowing down, there is a danger that resources are sometimes assigned to areas that do not need them.
This idea that IT departments might be spending too much on the wrong things got me thinking: could the average enterprise do better, and be more secure, while spending less?
A great deal of the overspend argument depends on what organisations class as 'non-sensitive data', explains Logica's business consulting cyber security lead, Cheryl Martin.
"[In certain companies] No data is ever considered non-sensitive," says Martin. "Cyber criminals earn their keep from obtaining and reselling the most innocuous piece of information which, with careful company grooming, could be used to pull together an in-depth view of the targeted organisation and individuals".
In This Article
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now