News on the security front is not good.
As 2014 comes into the home stretch, it seems like there is a security breach, a new vulnerability or some sort of attack every week. Yet, even with warnings of future threats—the FBI is warning businesses to expect an attack—it seems like businesses are doing less to secure their networks and protect data.
A PwC report found that cybersecurity incidents rose 48 percent over the past year and occur at a rate of more than 117,000 per day. At the same time security incidents are going up, security spending is going down. As Samuel Greengard reported in CIO Insight:
Unfortunately, global information security budgets actually shrunk by four percent last year, which is a continuation of a five-year downward trend…. Don't expect this situation to get better anytime soon. Tight purse strings and chronic corporate myopia don't point toward any tangible improvement. Too often, the PwC report points out, organizations attempt to deal with the consequences of insider cybercrime internally rather than involving law enforcement agencies or pressing charges on the culprit. This leaves other organizations vulnerable if they hire these employees in the future.
However, the lack of security spending is almost irrelevant for 64 percent of small to midsize businesses (SMBs) that admit that they don’t have a security plan in place. That was what a survey by Software Advice discovered. A third of the respondents seemed pretty apathetic about the possibility of cybercrime, while only about half were confident in the security of their data.
Similarly, a report conducted by Check Point found that businesses are struggling with BYOD security issues and expect things to get worse as we enter 2015.
One of the most disconcerting comments about the state of cybersecurity on the business front came via the Software Advice study, concerning the lack of security attention by SMBs. According to the report, Jeff Multz, director of SMB sales for Dell SecureWorks, made this comment:
“I’m really scared, because small businesses are the soft, juicy innard. They have ignored [security] due to economics or due to a lack of understanding, and they are where the big companies were in 2003—it is that scary.”
It may be up to security companies to find and educate SMBs about the seriousness of potential attacks and vulnerabilities, then help them to prepare themselves to mitigate damages. And up to bloggers and writers to keep spreading the word to the IT and business staff to keep them informed of the detrimental effects of these threats.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba