The 80/20 Rule for Small Business Cyber Security
Undoubtedly, the cybersecurity challenge is going to result in an increasing focus and spend on security systems. The question, however, is whether this will reduce the risk.
Let's start with the corporate data center, the Fort Knox of the enterprise, and how we guard its crown jewels. Today, the vast bulk of security spend is on the network — firewalls, IDS/IPS, APT, monitoring, etc. — and it focuses almost exclusively on the internet perimeter. These investments account for over $10 billion in hardware/software spend alone (this amount is doubled or tripled after accounting for the labor involved in deploying and managing this gear).
However, if you look at the challenges of securing data centers and cloud computing, the focus and investments appear completely out of sync. Almost 80 percent of the computing traffic never leaves the data center; the other 20 percent is ingress and egress. We put the vast bulk of attention on 20 percent of the risk, leaving the soft, chewy inside of the data center pretty much unattended. Whether the concern is external threats or insidious inside risks, most data center computing is pretty much wide open.
So what are the basic, easy, low-cost, no-brainer steps that companies should absolutely take?
How do employees fit into the picture? Explore these and other issues at our next CFO Forum on May 9th at EY in Iselin. Please note our earlier start time, to beat the traffic.