The low concern of companies for IT security.
Why do some companies not care about IT security? And why is it so important for all companies, regardless of their size? Find out!
The internet today hosts a great deal of information, e-commerce, digital companies and social networks, among many other things. There are therefore many threats and attacks that put all these platforms at risk, including established companies. However, there are companies that do not care about the security of their data. According to the results of research conducted by Deloitte in 2019, called Future of Cyber, many cyber organizations face the challenge of their own ability to better prioritize cyber risk across the enterprise. Throughout this article we will highlight some concepts such as IT security, its importance, and some reasons why some companies give low priority to the security of their information.
IT security and its importance
Year after year, cyber attacks continue to grow in frequency, severity and impact, making methods for prevention and detection increasingly inefficient. Many organizations do not know what to do or do not have the necessary resources to combat them. In 2016 alone, the increase in detected incidents affecting information security was 36%.
Likewise, a study carried out in the United States highlights that 98% of intrusions into information systems or technologies go unnoticed and that, of the 2% that are detected, only 5% are reported. Within companies, information neglect still requires attention.
First we must consider what computer security is and why it is important. Computer security can be defined as the discipline in charge of proposing and designing the norms, procedures, methods and techniques intended to make an information system safe, reliable and, above all, available.
It is important because the main task of computer security is to minimize risks. These risks come from many places: from data entry, from the way the information is transported, from the hardware used to transmit and receive, from the users themselves and even from the protocols that are being implemented.
The main task is always to minimize these risks in order to obtain better and greater security. Data that is left exposed runs a very high risk that much of the stored information will be lost. There is also the risk that the breached information will be used maliciously in future attacks, not to mention the loss of capital.
So why are there still companies that do not care about computer security?
It is necessary to consider that there are different external factors that lead companies to pay little attention to computer security, apart from the simple fact of low concern on the part of the organizations. Some of these factors are:
- Low budgets for cybersecurity: The visibility of the cyber risk and information security issue continues to increase, with consolidated information security features and larger budgets. According to cyber risk and information security executives, however, there is still a deficit of resources and budgets to cover the needs and requirements of the business. In addition, nearly 60 percent of security professionals say they do not have the budget to combat attacks. Also, the amount that most companies spend on cybersecurity in their IT budgets is usually 10 percent or less, which is not much, according to security company LogRhythm.
Low budgets for IT security are also a problem in universities. Eighty percent of educational institutions do not have any software installed on their systems to protect against malware violations. And nearly 3 out of 4 schools say money is the main factor in getting adequate protection.
- Low use of KPIs: Less than 10% of organizations have a dashboard (KPI) to evaluate cyber risk and information security management. As the Deloitte research explains, having key performance indicators (KPIs) for cyber risk management and information security is a challenge that executives have not yet been able to address. As a counterpart to increased budgets and visibility of information security, organizations need indicators that allow them to understand the level of risk they are exposed to and the quality of management. Likewise, these indicators must serve not only to facilitate the management of the area itself but, fundamentally, to be understood by the business.
Other related reasons
- Low cyber security staffing: According to the Deloitte research, 47% of organizations have only 1 to 5 people dedicated to cyber security. The size and amount of human resources dedicated to cybersecurity and risk management is highly related to the size of the organization, how regulated the industry is where the organization operates, and fundamentally the scope and activities that the area develops. Organizations are turning to third parties to manage certain facets of their cyber operations. According to 65 percent of CISOs surveyed, 21 to 30 percent of total cyber operations are outsourced, and nearly half (48 percent) of CISOs select internal threat detection as a primary function that they rely on third parties to manage.
- Unqualified and outdated security tools: Three-quarters of security professionals do not believe that purchasing all available data security tools will fully protect their organizations, according to Tripwire. But hackers have the ability to easily access that information. Only 40% of institutions implement network protection technologies, according to the Deloitte survey.
- Low cyber-risk incident response capabilities: Nearly 4 out of 10 organizations do not have specific capabilities, tools or procedures to respond to a security breach. On the other hand, only 1 out of 4 organizations has implemented technology and processes to respond in an orderly and fast manner to the occurrence of a security breach.
After analyzing this information we can conclude that, in reality, it is not a question of companies paying little attention to computer security measures, but that companies often face certain limitations that prevent them from developing these measures. However, we have already learned the importance of keeping these security measures in mind.