Recently, the international research and advisory company Gartner, Inc., predicted global corporate spending on IT security will increase 12.4% this year over 2018 to roughly $124 billion.
The driver of all this spending growth? Security risks, business needs and industry changes.
“Security leaders are striving to help their organizations securely use technology platforms to become more competitive and drive growth for the business,” said Siddharth Deshpande, research director at Gartner. “Persisting skills shortages and regulatory changes like the EU’s Global Data Protection Regulation (GDPR) are driving continued growth in the security services market.”
An increased focus on building detection and response capabilities, privacy regulations such as GDPR, and the need to address digital business risks are the main drivers for global security spending through 2019.
We agree, which is why we advocate that companies of all shapes and sizes, across industries, apply the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST). The NIST framework encapsulates a thorough, structured approach to managing cybersecurity holistically according to five tenets:
The last three of these five principles provide what NIST calls “opportunity for future improvement” – especially the “Respond” stage, which emphasizes planning, communications, analysis, mitigation and process improvement.
How can you translate NIST’s direction into action? In his post, Robinson recommends starting with your mindset. Conduct cybersecurity response planning according to these three keys, in this
- your organization’s definition of “good security” – “Technical experts may have a good understanding of potential pitfalls, but business unit employees may only have a gut feel that things are not as they should be,” Robinson says. “In a new corporate setting where these different groups collaborate more than ever on technology strategy, a common definition of secure practices is a crucial first step.”
- appropriate “triggers” for changing security – “Too often, businesses assume that the absence of catastrophe indicates adequate security,” explains Robinson. “Instead, decision makers must be educated on the correlation between IT architecture changes and security
- Consider the breadth of the “threat landscape” – Per Robinson, companies tend to place emphasis on the most recent and more familiar types of attack. Your approach, however, must include a more sophisticated risk assessment.