
The Economics of Cybersecurity: 10 Ways to Tell if Your Company Is Operating Below the Security Poverty Line

Posted by Christopher Parisi on Sep 1, 2017 12:00:00 PM

The term “The Security Poverty Line” has been used as early as 2011. The concept is becoming more and more of a conversation point when talking with information security professionals, especially those who have very limited budgets due to the size of the business or C-Level executives who don’t have ownership responsibility for the data that’s in their possession. Companies that must meet government regulatory compliance metrics often find themselves “security poor” and unable to afford the security they need to pass compliance requirements. These requirements may be satisfied through certain security upgrades or policies, but security professionals must remember that compliant and secure aren’t necessarily synonymous.

The list of security measures that can be taken to satisfy regulatory or best management practices can be overwhelming, and the implementation of security needs to be treated in the same manner as auditing security readiness: in a sectionalized, multi-layer approach. On a more simplified level, see if any of the following 10 statements pertain to your customers’ organizations. If they do, a serious dialogue about security needs and expenditures must be opened with all departments and levels of management. Unfortunately, in smaller businesses securing data and systems may cost more than the value of the data itself. In smaller sections, the costs are less intimidating and change may be easier to achieve than doing a massive security refit of an enterprise business solution. So now pause to examine your customers’ network, security personnel, and security policies to see if any of these statements are cause for concern.

  1. Your customers’ security appliances are End of Life (EOL) and can no longer be updated with current software or firmware.
  2. Recommended settings for data encryption, WLAN, and authentication methods aren’t available on their current access points, VPN solutions, or mobile devices.
  3. Security requirements and minimum hardware requirements for security appliances and security software, such as endpoint protection, are beyond the scope of servers, PCs, or mobile devices.
  4. Critical network devices such as gateways, firewalls, and WLAN access points aren’t eligible for any support extensions or upgrades and are no longer supported by the manufacturer.
  5. Business critical data can be removed, copied, or changed on servers or endpoints without any type of logging or prevention methods on the network such as a Data Loss Prevention (DLP) solution.
  6. Their systems repeatedly fail compliance scans and penetration testing even after repeated remediation attempts with existing equipment and infrastructure.
  7. Your customers’ security personnel are having a difficult time keeping up with the proper configuration and management of their equipment, and no one is “watching the wire” or reviewing logs to see if security measures are making an impact or if attacks are occurring.
  8. Network policies for “threat avoidance” are put in place at times of high threat or as a defense against new threats due to lack of security safeguards. (For example: avoiding the use of a particular browser or program due to a newly discovered vulnerability or lack of defense ability.)
  9. Disaster recovery plans, data restoration procedures, or routine data backup testing and data restoration drills that are logged and dated are absent or outdated.
  10. Business-critical applications, servers, or networks are repeatedly, and as an accepted practice, shut down for extended periods of time to avoid a possible breach, leaving customers without access to their resources or disrupting commerce.

A “yes” to any or all of these statements indicates that your customers’ organizations are living below the Security Poverty Line. When avoidance becomes an acceptable practice to managers of an organization, liability and customer dissatisfaction increase. Helping reduce Security Poverty requires the involvement of all departments that depend on the availability of network resources to conduct business. Often serious deficiencies can be resolved by policy change, training, and reconfiguration of existing resources. Integration of new technology with legacy systems without compromising security is critical when running a successful business.

Here at Tech Data, we have the knowledge and people to help you navigate the challenges and needs of your business. Together we can keep your customers up and running with secure solutions designed to help you both grow. Let us provide you with useful tips and talking points on how to invest resources wisely to bring your customers above the Security Poverty Level.

For more information on Tech Data and the security services we offer, visit techdata.com/techsolutions/security or contact us at securityservices@techdata.com or 800-237-8931, ext. 73246.
