I mentioned in my previous post that this is the time of the year for predictions. The folks at SilverSky have a slightly different twist. As a follow-up to its 2013 Financial Institution Threat Report, the company decided to find out what 2014’s security spending trends will be. Understanding how to plan for security spending makes a lot of sense to me. As the SilverSky blog pointed out:
"The best way to improve your organization’s security posture in 2014 is to more accurately understand today’s threat landscape into which you're pouring your budget."
So where is security spending happening? It appears that most companies will stick with what they know–firewalls, AV software, etc.–rather than look for new solutions. While protecting the network has to be the top priority in IT security efforts, the survey found that what concerns IT departments the most is data loss and targeted phishing attacks. Because data loss can happen in ways that don’t involve breaching the network (e.g. lost devices or employee mistakes), it may be that the focus on old-guard security approaches should be re-evaluated. According to SilverSky:
"Interestingly, only 37 percent of organizations plan to up their budgets on email security tools that directly address these concerns, highlighting a slight disconnect between spending plans and perceived threats."
These security decision makers are on the right track, and a quarter of them plan to increase their security investments next year–but wouldn’t the money be spent more wisely and security itself improved if IT security departments were able to focus spending on the areas that worry them most?
I wonder how much money is being budgeted to expand BYOD security education and policy. Or how much will be spent for just improving security education in general? In the end, your security spending has to match your needs plus maybe a little bit more in anticipation of what could happen. We know that as soon as we plan for one thing, in the worlds of technology and security, someone is there to find a new way to infiltrate the network.