When it comes to cybersecurity, many businesses aren’t as prepared as they should be. A survey conducted by Gartner (NYSE: IT) revealed although 95% of CIOs expect cyber threats to increase in the coming years, only 65% have a cybersecurity expert on staff.
Not having a cybersecurity expert doesn’t necessarily mean an organization is not adequately protected, but as threats get more sophisticated, having an expert on staff is extremely important. Still this may not always be possible for many organizations.
What If You Have No Cybersecurity Expert on Staff?
For the vast majority of small businesses having an expert on staff is not an option. This requires coming up with creative and innovative solutions to protect the digital presence of a company, even with a limited budget.
This is because cybercriminals never rest and, according to Gartner, operate in ways organizations struggle to anticipate. Rob McMillan, research director at Gartner, explains this particular challenge in the press release announcing the survey results.
McMillan says, “In a twisted way, many cybercriminals are digital pioneers, finding ways to leverage big data and web-scale techniques to stage attacks and steal data. CIOs can’t protect their organizations from everything, so they need to create a sustainable set of controls that balances their need to protect their business with their need to run it.”
The Gartner 2018 CIO Agenda Survey was carried out in 98 countries with the participation of 3,160 CIOs. Even though these CIOs represented large organizations, there are lessons small businesses can learn from the survey.
Lessons From the Survey
One of the key lessons from the survey comes from McMillan who says, “Security investments must be prioritized by business outcomes to ensure the right amount is spent on the right things.”
As a small business, you have to be meticulous when it comes to spending your security budget. There are no one size fits all solutions in the marketplace. You have to take into consideration the industry you are in, regulatory compliances you might have to abide by, the service providers in the sector and more.
And just as you examine your company, you must also scrutinize the service provider you choose. The Gartner survey says there is a cybersecurity skills shortage. So whether you are going to hire a full-time employee, freelancer or a company, you have to do your due diligence to ensure they are qualified.
In addressing the shortage of skills and finding qualified talent, McMillan recommends, “Finding talented, driven people to handle the organization’s cybersecurity responsibilities is an endless function.”
The survey also indicates the growth of your company will introduce more vulnerabilities.
New vendors, suppliers, contractors, and even staff can all be new vectors for attack. And the risks they introduce in many cases are not addressed until it is too late.
More than anything else, the survey indicates cyber threats are an ongoing problem ad must be addressed accordingly. This requires being proactive and always vigilant no matter what size your business is.
Photo via Shutterstock