"You're only supposed to blow the bl**dy doors off!"
When it comes to cyber security is overkill a problem?
This classic line from a classic movie (I am speaking of the original Italian Job of course!) has made its mark in the world of cinema but how can it be of relevance to the world of IT? If you remember, the phase was uttered by Michael Cane during the part of the movie where they were practising the robbery of an armoured vehicle. The plan was to blow the armoured vehicle doors off and rob the contents BUT during the practise attempt too much explosive was used and the entire truck, including the contents was blown to smithereens.
So what was the lesson? the lesson was that overkill can be counterproductive. And this is where I try to relate this lesson to the world of cyber security (or perhaps IT in general).
"In 2021, the average number of cyberattacks and data breaches increased by 15.1% from the previous year. In 93 percent of cases, an external attacker can breach an organization's network perimeter and gain access to local network resources"
We are surrounded by extremely concerning statistics with malicious attacks on the rise; including phishing, malware, data breaches and ransomware. Outside of attacks we could also consider areas such as GDPR compliance and the risks associated with non-compliance and fines. So, no matter what your justifications are, as responsible businesses you are tasked with the protection of your data, staff, clients and reputation. But how for are you willing to go?
"Respondents to our most recent survey spent about 10.9% of their IT budget on cybersecurity on average, up from 10.1% a year earlier. This equalled about 0.48% of company revenue on average, again up from 0.34%. In terms of spending per employee, respondents spent about US$2,700 on average per full-time employee (FTE) on cybersecurity, increasing from about US$2,300 last year."
Consider the following:
Have you weighed out the risk of an attack vs your cyber investment?
Have you introduced too many vendors and technologies that now results in processes being too slow and IT infrastructure complexity too high?
Have you thought about simplifying your cyber security environment?
You see, the goal in the Italian Job was to blow the doors off allowing them safe access to the treasures within. Or rather the blowing the doors off enabled them to reach their ultimate goal which were the treasures within. So if the the ultimate goal of every business is to thrive and operate in a safe environment then how much cyber investment (explosive) is required before it becomes counter productive (or self-destructive?)
Spend too much and you start to damage the bottom line.
Increase the number of security processes you start to damage productivity.
Introduce too many technologies from multiple vendors and you increase complexities.
So I suppose I have the answered the question of the day. Can you spend to much on cyber security? well...yes...ish. Spend to much and you are at risk of the 3 points above. Your company will be well protected but at the potential detriment of its operations.
It is an interesting crossroad. The difficulty is in the balancing act - cyber security spend being proportionate to the risk. Some businesses will spend astronautical amounts of money in cyber security, especially those with substantial amounts to lose but even the start-up and SMB market find themselves asking how much should I spend on cyber security? Like the practise run in the movie using too much explosive (or spending too much on cyber security) could be counterproductive. So you start to ask yourself 3 key questions?
If I lost all my company's data tomorrow, how quickly could I bounce back?
If client data was compromised, how will my reputation be impacted?
What would be a good level of protection for my business and where would be a good place to start? (perhaps the image below will help in highlighting the trend but its different per industry vertical)
At Arc Phoenix, we are not here to tell you how you should be running your business but instead we are here to inform you on the plethora of solutions that are available to help provide you with peace of mind. In addition to strong cyber security practises and policies, we advise businesses to at the very least consider the following:
I finish on this note, at the end of the Italian Job, Michael Cane and his team are on a bus celebrating their successful robbery when they crash and end up hanging over the edge of a cliff face staring at there own potential demise. A literally cliff-hanger.
Therefore, they may have celebrated pre-maturely, thinking that the job in hand is complete...do not let this be you - deployment of cyber solutions is not the end of the story. Remember that cyber security is an ever-evolving, multi-facetted programme of continuous works. Keep on top of this programme and keep on top of emerging threats!