How to prioritize security in the last quarter?
We’re in the middle of the last quarter and things are starting to look very busy before the end of the year. Things do get quiet from December, which leaves us with exactly two months to sort out the rest of the year and plan for 2020. When it comes to your business having any leftover budget for the year, consider putting into action a security plan with some of that budget.
It takes an average of 191 days to detect a data breach. The global average cost of a data breach is €3.52 million. Click here
Fortunately, the average cybersecurity budget has also increased; according to Gartner IT security, spending in 2019 grew 8.7% over 2018’s figure. Click here for more details.
Here are 3 top investments to make before the year ends:
Brexit & GDPR
GDPR was a hot topic of interest last year until Brexit took over. A potential deal is still doing the rounds and with a General Election taking place in the UK on 12th December, it is very hard to predict what will occur but it appears that the risk of a hard Brexit has faded somewhat. What is certain is that when (if?!) Brexit happens, the UK including Northern Ireland will become a third country within the meaning of the GDPR. While the amended Political Declaration on the future relationship between the EU and the UK (here) provides that the EU will start assessing the UK in respect of an adequacy decision as soon as the withdrawal occurs and will endeavour to adopt such a decision by the end of 2020, it also caveats this by reference to “the applicable conditions” which have to be met by the UK. Therefore, there is no certainty that the UK will receive an adequacy decision within that timeframe or at all. This lack of certainty creates so much noise around this topic and confusion on where to invest and on what.
There are other methods which can be used to lawfully transfer personal data from the EEA to a third country and these are set out in the GDPR and additional guidance has been given by the relevant regulatory bodies. If you are concerned about the impact Brexit will have on data transfers that are crucial to your business, speak to our subject matter experts for further advice.
Risk Assessment for 2020
A risk assessment helps you identify which risks you face and document the assets you need to protect first. It analyses what impact the risks might have on your organisation, what are the main threats to your system and data and how likely these risks are to occur. From here, you can then prioritize and manage the risks in a structured and meaningful matter. This evaluation will help you plan your security goals for next year. You can take this evaluation to the board level to make them understand the results and consequences from the report.
Detect & Respond to Threats
As mentioned above it takes an average of 191 days to detect a breach but back in 2016 it took an average of 201 days to detect a breach. It takes an average of 66 days to contain a breach, which meant it ranges between 10 to 164 days. Click here
A Security Information Event Management (SIEM) solution is necessary to have in a business. A SIEM contains the following technologies: Log Management Systems, Security Event Management, Security Information Management and Security Event Correlation. A SIEM manages information from combined security infrastructure and controls, a security analyst can watch for security threats in real time, instead of working to secure every single product in the system.
Invest in a security culture and you will start seeing the benefits in the long run. Remember, a business is not going to ‘never’ be a target to an attack that is why the right security posture for your business is important.
It’s not simple and that is why it’s recommended to partner with a third party provider who can help you prioritize your risks and deliver a holistic view of what you need to do step by step.
Speak to our subject-matter experts to stay ahead of the security surface. We provide end-to-end security solutions that will protect your business from attack. Contact Us to discuss your unique requirement.