Tag: awareness

The Real Cost of Cybersecurity: Avoiding Overspending While Addressing the Basics 

Posted on by Greg Price in Articles

In today’s digital landscape, cybersecurity is a critical concern for organizations of all sizes. With an increasing number of cyber threats, companies often feel pressured to invest heavily in advanced cybersecurity tools and services. However, this rush to implement high-end solutions can lead to overspending, especially when basic cybersecurity measures are overlooked. This article explores the pitfalls of overspending on cybersecurity and emphasizes the importance of foundational security practices. 

The High cost of Cybersecurity Missteps

Statistics Highlighting the Issue 

Recent reports underline the significant time and resources required to handle cybersecurity breaches. According to the IBM / Ponemon Institute’s “Cost of a Data Breach Report 2023,” it takes organizations an average of 207 days to identify a breach and an additional 70 days to contain it, totaling 277 days (over nine months). This prolonged period can have severe financial and reputational impacts on businesses. 

Additionally, the 2024 Verizon Data Breach Investigations Report (DBIR) reveals that 68% of breaches involve human error, and 14% are due to unpatched vulnerabilities. These statistics underscore a critical issue: many breaches occur due to basic security lapses that could be mitigated with fundamental cybersecurity practices. 

The Vendor Trap 

Many organizations fall into the trap of purchasing expensive cybersecurity solutions, often influenced by vendors who promote high-end tools and services. While these solutions can be effective, they are not always necessary, especially when the basic cybersecurity measures are not in place. This misallocation of resources can lead to significant overspending without addressing the root causes of vulnerabilities. 

Essential Cybersecurity Measures 

Patching and Updates 

Regularly updating and patching software is one of the most effective ways to prevent cyber attacks. Unpatched systems are a primary target for cybercriminals, as evidenced by the surge in vulnerability exploitation noted in the Verizon DBIR. Organizations should prioritize timely updates to close security gaps. 

Two-Factor Authentication (2FA) 

Implementing two-factor authentication adds an extra layer of security, making it more difficult for attackers to gain unauthorized access. 2FA should be used for all critical systems to enhance protection. 

Regular Backups 

Maintaining and testing regular backups is crucial for data recovery in the event of a breach. Ensuring that backups are up-to-date and stored securely can help organizations quickly restore operations and minimize downtime. 

Awareness Training 

Human error is a significant factor in many breaches. Regular cybersecurity training for all employees can reduce the risk of phishing attacks and other social engineering tactics. Educating staff on best practices and potential threats is essential for creating a security-aware culture. 

Endpoint Protection 

Deploying and regularly updating antivirus and endpoint security solutions is fundamental to protecting devices from malware and other threats. Endpoint protection should be part of a comprehensive cybersecurity strategy. 

Balancing Security Investments 

While advanced cybersecurity tools and services can offer enhanced protection, they should not replace basic security measures. Organizations need to assess their specific needs and ensure that foundational practices are firmly in place before investing in high-end solutions. Here are a few steps to balance security investments: 

1. Evaluate Vendor Proposals: Scrutinize vendor offerings to ensure they meet your organization’s specific needs without unnecessary costs. 

2. Prioritize Basic Security: Focus on fundamental protections, such as patch management and employee training, before investing in advanced tools. 

3. Continuous Improvement: Regularly review and update your cybersecurity practices to adapt to evolving threats and ensure that basic measures remain effective. 

Conclusion 

Overspending on cybersecurity without addressing the basics can leave organizations vulnerable and financially strained. By prioritizing fundamental security measures and making informed decisions about advanced tools, businesses can achieve a more effective and cost-efficient cybersecurity posture. 

Ten habits to avoid data loss

Posted on by Greg Price in Articles

This article was originally published in The Troy Messenger on September 20, 2019.

Greg Price

Recently, I worked with a group who suffered an enormous data breach. The company realized something odd was afoot when payroll checks began to bounce.

In the security world, we often describe this type of breach discovery as “third-party” notification. In other words, someone not directly involved in the company’s operations informed the company of an issue. Also, many of us call this a resume-building opportunity.

I took a quick look at the core operations and assisted the IT team with a hasty inspection. In short, the company owned many security products, employed lots of tools. The board of directors wanted a single variable to surface as the reason for the loss of funds. However, a single smoking gun didn’t exist. The motive was simple: steal money. The success of the theft revealed numerous issues in the company’s execution of technology and associated protective measures. Below, I offer a list of the most common issues that I observe from similar events.

Let’s call these our top 10 habits to avoid data loss.

Continue reading “Ten habits to avoid data loss”