It seems that the more things change in midsize enterprise security, the more they stay the same.
No matter how much ink is spilled on high-profile hacks and data breaches (such as those at Target and Sony) and the attendant reputational and financial consequences, nothing really improves for the potential victims. Sure, we know that the technology and best practices guidelines are out there. In fact, even a small-to-medium business can defend itself well enough to discourage any would-be hacker, at least one who doesn’t want to work too hard for the ill-gotten gains.
But any midsize enterprise, without the executive and managerial willpower to create a regularly refreshed central cybersecurity plan, will face glaring vulnerabilities, most likely on a regular basis. The bad guys don't rest and they are quite creative. And human beings, however well intentioned, are fallible and will commit security errors — and some of them are probably your colleagues. And given that the midmarket and SMB segments don’t have the deepest pockets and widest resources for security fixes, these companies will remain low-hanging fruit for cyber-criminals.
Dangerous Absence of Central Security Plans
There is some institutional entropy at work here. A recent report from the National Center for the Middle Market (an industry trade group sponsored by Cisco and other organizations) underscores the problem. In a survey, researchers found that among midsize companies:
- Just 45 percent had a “regularly updated” cybersecurity strategy
- And 86 percent of the companies prioritized cybersecurity
- While 30 percent claimed cybersecurity was an “important or very important concern”
There seems to be a dissonance between the awareness of the problem and the willingness to do something essential about it. Proactive protection efforts are worth the trouble, even if you never find a hacker's bullseye on your enterprise's back. It certainly is better to err on the side of caution, as a byte of prevention is worth a gigabyte of cure, so to speak.
Exploding World Of Cyber-Threats
Certainly, the threats to the operations and data of the midsize enterprise are quite real and difficult to exaggerate. “As we enter 2017, the threat of a cybersecurity breach has never been more widespread, and the need to be prepared to defend and react to those kinds of breaches is of paramount importance,” states Thomas A. Stewart, executive director of the National Center for the Middle Market, in a press release.
He continues: “Companies of all sizes should be assessing and updating their cybersecurity plans and protocols to ensure they are prepared when — not if — their company is attacked.”
Security Minimum Isn’t Enough
So why aren’t more companies maintaining a centralized and coordinated response plan? It appears that preparedness varied depending largely on industry, indicating legal compliance was clearly a factor. For instance, 61 percent of financial services companies regularly managed a cybersecurity plan; so did 54 percent of health care firms; and 51 percent of retail trade companies did likewise.
In other findings, 61 percent of respondents claim cybersecurity is integrated with in-house IT departments. Another 16 percent claimed investment in outsourced security; and 10 percent of the respondents had a separate in-house budget. Coordination is crucial here to make sure there are no chinks in the cyber-armor.
At the very least, midsize enterprises can inventory all their security efforts, create a central plan, and make the most of existing resources. Because if you are hacked, it won’t matter which industry you are in: You face potential catastrophe. What will matter is the executive will to sponsor a cybersecurity effort, and that can make all the difference imaginable.
Ready to start? For more ideas, you can visit the National Center for the Middle Market’s Cybersecurity Resource Center.