Let’s be honest: most businesses think that IT security is a bit of a tax. You know you have to pay for it (especially when compliance is involved) but you certainly don’t relish the prospect. Security drains budget from other initiatives and it gets in the way of people doing their jobs.
(And for SMBs in particular, there’s often the mistaken belief that they don’t need to invest in security, because attackers mostly go after big enterprise targets).
Sorry to say, but that attitude has to change. Here’s the truth:
1) Security does add value.
If you’re thinking of security as a tax, or even as a purchase made purely to stop bad things happening, you’re missing the point. Think about all the things you can do when you’re confident in your security:
- You can partner and share data with other organisations, knowing that your privacy policies are enforced, and that they can trust you
- You can enable your employees to work from anywhere and take confidential project information with them, knowing that sensitive data is protected.
- You can experiment with IoT, public cloud and other transformative technologies that can help your business innovate, knowing that it won’t compromise your safety.
In other words, security doesn’t have to be a barrier to getting work done; it’s actually a key enabler of the digital transformation that you’re engaged in. It’s a currency of trust.
2) Security is something you do, not just something you buy.
Great, so security adds value… let’s buy some, then?
Hold on a minute. Security technologies — firewalls, email scanners, antivirus and antimalware, etc — are of course important to protecting your business. But security is not a problem you can just throw money at and rely on technology to solve.
Every study shows that it’s people and process that account for the majority of security vulnerabilities, whether it’s social engineering attacks or poorly configured networks.
To put it another way, the vast majority of cybersecurity risks facing your business could be mitigated simply with some basic cybersecurity training for staff, and basic process enforcement such as using hardened configurations and making sure IT devices are regularly patched.
3) You have options
But who is going to be building your policies, configuring those technologies, training your workforce? If you’ve tried to recruit for a security expert recently, you’ll know that they’re in short supply, and they command a salary premium that you may not be able to stomach.
Don’t worry, you are not alone — and you have options. Whether it’s training up your existing IT teams to increase their cybersecurity expertise, or bringing in project-based support or managed services providers, there are ways to get the headcount and skills you need.
We’ve worked with IT analysts Ovum to research how businesses today perceive security, what the future holds, and how to do it right — including what you can do to tackle the talent gap. Check out the report here for key insights and data points.
About the AuthorFollow on Linkedin More Content by Ant Newman