InfoSec Spending Way Up; 3 Free Things To Do

Dec 22, 2016 | Security-GRC | 0 comments

From local banks to big businesses, investing more in the war against cyber criminals is becoming a priority. More and more Financial Services companies are making information security a top priority. Infosecurity Magazine released a report finding financial service companies are 300 times more likely to be hit by security incidents compared to other industries.

That increased focus has come with increased spend. Consider Bank of America, which in 2015 spent $400 Million in cybersecurity and J.P Morgan Chase which just recently lifted its cybersecurity budget from $250 million to $500 million.

But not all CFOs are willing to invest. That doesn’t make the threats any less real. We asked ASMGi CISO for some no or low cost ideas that will meaningfully help any company’s security profile. He suggests:

  1. Educate your employees: Investing more in people and processes and less in technology, maximizes technology investments. You might have purchased a good tool for malware prevention but it usually takes a seamless process and understanding of the product to maximize its value.
  2. Review your access controls: You don’t need to invest in technology to do this. Check out your controls and ensure the right people are permitted to access the right information.
  3. Perform an IT risk assessment: Ask questions and document your findings. If you have the right expertise, it can be done in-house. Outside help is generally low-cost.

These low-tech solutions are a vital piece of any Information Security program, but they can often be ignored for the technologies that may take more time and expertise to use.

View/Add comments

Related Posts

Navigate the blog

Data Centricity

ASMGi discovered long ago that the importance of data transcends trends, hype or new approaches. That holds true in security, software development, IT Services, Marketing Systems Software and certainly in the Cloud. Our blog may touch each of our practice areas, but in the end, it's always about the data.