September 9, 2021
In late December of 2020, Mindsight’s Cybersecurity Practice Lead and vCISO Mishaal Khan said something he’d said many times before and that he continues to say over and over again to anyone who’ll listen. In short: Too many companies, SMBs especially, are woefully unprepared to withstand cybersecurity attacks — even as they mount and grow more sophisticated.
According to Verizon’s 2021 Data Breach Investigations Report, “Last year, small organizations accounted for less than half the number of breaches that large organizations showed. Unlike most political parties, this year these two are less far apart with 307 breaches in large organizations (819 incidents, 307 with confirmed data disclosure) and 263 breaches in small organizations (1,037 incidents, 263 with confirmed data disclosure).”
So why don’t company leaders take more proactive measures more often?
“Part of it has to do with organizations thinking they won’t become a victim,” Khan said, “so that tends to have a reactionary effect. The other reason is they think a security program is going to be costly, but that’s a misperception. In fact, the lack of security is going to cost them more. They also think it’s going to involve complexity, but what they don’t realize is there are experts, partners like Mindsight that can help them understand that complexity and make it simpler.”
That’s especially important considering the ongoing IT talent shortage, particularly in the cybersecurity sector. Too much work and too few qualified professionals have driven up salaries and created a dangerous security void that criminals are more than happy to exploit to the tune of trillions of dollars.
“The worsening skills shortage comes as companies are adopting breach-prone remote work arrangements in light of the pandemic,” VentureBeat reported in July. “In its [annual Cost of a Data Breach] report, IBM found that the shift to remote work led to more expensive data breaches, with breaches costing over $1 million more on average when remote work was indicated as a factor in the event. By industry, data breaches in health care were most expensive at $9.23 million, followed by the financial sector ($5.72 million) and pharmaceuticals ($5.04 million). While lower in overall costs, retail, media, hospitality, and the public sector experienced a large increase in costs versus the prior year.”
This recent Forbes rundown illustrates just how dire the situation is. It’s chock-full of eye-opening statistics from various reputable organizations. But one in particular — from a survey done by IDG Research Services — stands out: “Nearly 80% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges.”
Here’s a slightly more impolitic way of saying that: Ignorant complacency and myopic frugality are a dangerous combination.
“Small businesses are not immune to cyber attacks and data breaches and are often targeted specifically because they often fail to prioritize security,” BullGuard CEO Paul Lipman has said, echoing Khan’s sentiments. “Caught between inadequate consumer solutions and overly complex enterprise software, many small business owners may be inclined to skip cybersecurity. It only takes one attack, however, to bring a business to its knees.”
Even if you can afford to hire a team of in-house cybersecurity experts, chances are the talent won’t be available to you — or only at a steep cost. According to recent CNN reporting, “the US Bureau of Labor Statistics projects ‘information security analysts will be the 10th fastest growing occupation over the next decade, with an employment growth rate of 31% compared to the 4% average growth rate for all occupations.’” Considering that, the talent shortage is expected to continue indefinitely.
Many organizations can’t afford to hire a chief information security officer (CISO) given the hefty price tag (anywhere from $250,000 – $350,000 annually including benefits). That’s why IT providers like Mindsight have made virtual CISOs (vCISOs) available to their clients. At a fraction of the cost, a Mindsight vCISO can help fill cybersecurity skills gaps by providing on-demand direction, planning, implementation, and maintenance. You get the security expertise you need when you need it, including routine testing of your environment, solution development, budgetary analysis, and awareness training, among other critical benefits. And you won’t have to worry about turnover. You’ll have peace of mind and top-notch protection for your most sensitive data.
“We keep getting bombarded with news about data breaches and end up thinking, ‘Well, we can’t do anything to protect ourselves,’” Khan said. “But that’s wrong. We can. And we should.”
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.
About The Expert
Mishaal Khan, Mindsight’s Security Solutions Architect, has been breaking and – thankfully – rebuilding computers for as long as he can remember. As a Certified Ethical Hacker (CEH), CCIE R&S, Security Practitioner, and Certified Social Engineer Pentester, Khan offers insight into the often murky world of cybersecurity. Khan brings a multinational perspective to the business security posture, and he has consulted with SMBs, schools, government institutions, and global enterprises, seeking to spread awareness in security, privacy, and open source intelligence.