Cybersecurity spending continues to grow, according to Gartner. The worldwide market currently spends $75.4 billion, and Gartner predicts this will increase to $101 billion by 2018. However, research has shown that organizations aren't investing their cybersecurity budgets effectively: 28% of organizations' spending goes to security products that are either underutilized or not used at all. Studies have also found that only 31% of security professionals are comfortable with their ability to detect and respond to incidents.
There is a disconnect between what businesses spend and how effective their security is. One of the first problems is relying solely on tools for defense, when information security is not just technology. Any good risk management posture involves people and process in addition to tools. There is also a divide within the information security mindset itself, one that concerns another fundamental component of really protecting a business environment: the business continuity plan.
Unfortunately, even within risk management teams, leadership seems to forget how much these two functions need each other. Communication between business continuity (BC) and information security (infosec) professionals is lacking. Instead of uniting to better defend the enterprise, they seem to believe they can do so separately. Just as information security must become part of the business process to succeed in defending against risk, BC and infosec must become one practice.
The idea that either information security or business continuity planning precedes the other does not allow for cohesive defenses. Neither goes before the other; on the contrary, they work together. Information security lets an organization examine its operational environment to find vulnerabilities lurking within the network, and to set up its systems and business structure so that they meet compliance requirements and potential weak spots are spotted immediately. Business continuity helps decide how to protect data so that a disruption does not render it inaccessible: backup systems are chosen, and practice drills are run, which help reduce incident response times. A BC plan strengthens an information security plan and vice versa. The two cannot walk separate paths, and if they do, they automatically weaken the business's chances of reducing breach damage and costs.
With the rise in ransomware attacks, businesses are realizing that business continuity is needed not only to avoid disruption from unforeseen events such as hurricanes or power outages, but also to recover from security incidents. On the information security side, mega breaches (such as Target's) have been highlighting the need for a holistic risk management posture for some time. Even though attention has been drawn to these risk management components at different times, the moment has finally come for business executives to recognize the need for collaboration across the invisible borders created by the different departments within the enterprise.
The sooner BC and infosec start working together, and the sooner businesses realize that investing in tools alone wastes spending and adds cost when a breach happens, the sooner organizations will truly defend against and be prepared for security risks.
How is your organization handling business continuity and information security? Let’s get you on the right path to stay in business and grow your business. Give us a call!
Photo courtesy of Stuart Miles