This is an answer to a question submitted to the "Ask me anything (AMA)" program. This AMA channel is designed to support you get clarity to business/tech questions you may have. Periodically, I select a particular response that we feel can benefit the broader community.
Short answer: YES definitely but I would like to qualify why and provide some context.
Using some data points, research from purplesec indicates that:
- Cybercrime grew 600% in 2020/2021
- 43% of cyber-attacks target small businesses, of which 70% are not equipped to deal with such attacks.
- 48% of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
Having spent 15+ years leading digital solutions used by companies to strengthen their ability to monitor manage and secure infrastructure, I may be slightly biased in this.
Security is multifaceted:
- You want to protect from attacks that happen from the outside
- You want to protect from bad things happening from the inside i.e. what your own people/suppliers do that can impact the integrity or your ability to function.
- You may need to show regulatory compliance (e.g. fintech and payments space)
Normally people communicate with leadership using very complicated jargon that means nothing to the business eg. patch management, endpoint protection, firewall, AV, malware, phishing, risk intelligence, password management etc etc. These are pains and not seen as solutions (typically, unless they have already been bitten before…..)
This also means that security means different things to different people.
- The leadership of small businesses think of security in terms of business continuity. I just want to know my data is safe (because I expect it to), and no one unauthorised is accessing it (because I expect it to) and in a way I can provide my services, and communicate with customers.
- The leadership of medium+ businesses think in terms of disruption to productivity, and legal ramifications if they do not meet due diligence in security assets, infrastructure and customer data.
This applies to all types of digital infrastructure, whether you are running solutions in the cloud, on-premise or hybrid. It also doubly applies if you are running a digital transformation process to add value to your business assets and your customer experience:
In the end, it all comes down to the value a business reaps from the effort needed to achieve the desired level of security.
You need to establish a comprehensive framework that enables the proper management of the digital dimension of your business to:
- Keep pace with the expanding digital footprint to do work.
- Balance and manage the costs and risks of cyber threats to your environments and productivity.
- Develop and maintain security policies.
- Enable people to work from any device or location of choice securely while keeping up with modern security demands.
If you are keen to learn more on this, check out this course: