Discuss how companies and organizations are securing their information systems. What tools are they using? What is the cost of securing information systems? What is the cost of not securing information systems? What are the most effective techniques of securing information systems? What are the least effective techniques of securing information systems?
Discuss how companies and organizations are securing their information systems.
Due to the vast number of vulnerabilities from company to company, investment into proper security tools for information systems is now necessary to ensure protected operations and data.
What tools are they using?
These investments lead to implementing tools such as digital firewalls, intrusion detection and prevention systems (IDS/IPS), backups, and authentication controls. Firewalls can be digital or physical but are always meant to filter traffic to prevent unauthorized access. IDS/IPS are controls for finding and/or blocking malware before it enters the system. Backups help store older and current information so that in the event a breach does occur, it is easier to recover the damage. Authentication controls like two-factor and multi-factor authentication can be simple implementations that, while tedious, can prevent many easy intrusions into an information system.
What is the cost of securing information systems?
Now, while implementing security tools can be beneficial for any organization, there is still a substantial cost to implement and maintain them. The cost of securing information systems can change based on the size of the organization but with outsourced cybersecurity services, it can range from $2,000-$3,500 a month. When using in-house resources, a good IT budget is around 10% for cybersecurity for a good range of flexibility.
What is the cost of not securing information systems?
Despite the significant cost that cybersecurity can have on a business, there’s an even greater price when there are no controls and a breach occurs. Damages have continued to increase over the years due to many organizations still having poor security posture. The average cost of a data breach can be upwards of 4.45 million dollars, which can be a sizeable dent for large businesses, or the end for medium or small businesses.
What are the most effective techniques of securing information systems?
This then calls for the most effective techniques to be utilized when securing information systems due to the much larger cost of there being no protection. Some effective techniques take the form of encryption, proper employee security training, strong passwords, and investing in a virtual private network (VPN). Encryption can secure data by making it unreadable for many people, and security training can be effective by educating people, which is the biggest factor for breaches. Stronger passwords also prevent easy access along with VPNs creating a safe tunnel for information to travel through.
What are the least effective techniques of securing information systems?
In contrast, the least effective techniques for securing information systems may include security controls, but use of ones that cannot do enough to protect an organization. Organizations also may have no controls at all. Ineffective techniques include easy password conditions, single-factor authentication, and no redundancy with the backend of an information system. Having easy password conditions makes insider threats or brute-force attacks much more common. Single-factor authentication can take the form of passwords or a single credential that if compromised, leaves the information system susceptible to attacks. Redundancy is about adding more layers to a system to better protect it, and a lack of redundancy can create a single point of failure that still leaves the system vulnerable.
With that said, there is ample reason for organizations to invest in effective security controls to protect their information systems due to how lower-quality tools can still leave systems susceptible, and a complete lack of tools can cost them millions of dollars if a data breach were to occur.
https://www.vc3.com/blog/managed-cyber-security-services-cost