Cyber Crime Wave: Increased IT Security Spending Vital to Addressing Growing Trend in Middle East
Security Expert discusses how security spending can not only reduce risks but also boost productivity and drive business
September 11, 2012 2:03 by Colin_Saldanha
DUBAI, United Arab Emirates, 11 September 2012: ‘Cost-cutting’ has become a buzzword among corporates in the Middle East today. Security programs are not immune to these cost-cutting decisions and in many instances are among the first to be considered when making budget cuts. The scare tactics of emphasizing the fear, uncertainty, and doubt (FUD) of security risks are no longer seen as rational grounds for procuring security funding and this task is made even more difficult by the general mindset. Security is seen akin to insurance- no one wants to pay for it but everyone is glad to have it when something does occur.
What this then leads to is an industry wide mentality wherein the ‘reactive’ approach to IT security is seen as the accepted norm. Since IT security or rather the lack of it does not provide a tangible, immediate threat to most organizations, it takes something of a worst case scenario to transform it from a secondary consideration to a burning issue. By then of course, the damage has already been done with effects including damage to reputation, loss of productivity and countless hours wasted on recovery and restoration of systems.
And while it takes such large scale attacks to raise enough eyebrows to the issue, the real challenge that CIOs and IT decision makers face is not dealing with such catastrophic events, but rather providing a safe and stable environment which allows employees to go about their day-to-day schedules without interruption.
Stephan Berner, Managing Director at help AG points out that today many CIOs are experiencing a rapidly changing environment where business is demanding more from security – consumerization of IT is usurping control and new architectures are required to address issues of shrinking perimeter, virtualization and web 2.0 technologies. In light of this, now more than ever, organizations need to beef up their security measures and the first step in doing so will inevitably involve building a watertight case for IT security spending. Such an argument should justify the expenditure by focusing on the benefits rather than simply portraying a worst case scenario. Security proposals must be based on the financial and real world impact to the company so that the bottom-line implications of implementing the proposal can be fairly assessed against other priorities.
Reduced Risk for Cost-savings
‘Cost-savings’ is the term that resonates best in board rooms today. Cost-savings from reduced risk can be categorized into savings that arise from reducing the cost of responding to and resolving incidents; and savings in the form of averted losses of business productivity. Any security breach entails an underlying cost as the IT department resolves the issue, restores the environment and conducts a postmortem of the attack.
Along with this, there is the productivity loss that is associated with the breach. As the IT department goes about post-attack procedures, employees and customers are forced to deal with downtime. This obstruction to business can mean significant monetary losses for an organization. Consider for example the average Distributed-Denial-of-Service (DDoS) attack. Research has shown that the victim organization can stand to lose anywhere between $10,000 to $50,000 an hour depending on the nature of the business
New security technologies can help reduce the possibility of attack and furthermore, if an attack does occur, reduce the effort required to get systems back online. By reducing the risk of attack, such an investment will help limit the potential for business productivity losses.
Highlighting the Soft Benefits
Never underestimate the importance of highlighting soft benefits when making a hard business case for a particular IT project. After all, a solid return on investment often extends beyond tangible perks such as a reduction in communication costs and direct cost avoidance. A competitive edge, increased customer satisfaction, improved selling effectiveness, bolstered employee morale – they are all soft benefits capable of delivering top-notch value.
Security Technology as a Business Driver
Currently, security is primarily seen as an overhead rather than a contributing factor to the revenue of the company. Going beyond the basics, the role of security can be seen in a different light. Companies can leverage their security solutions to conduct business in a different and often, more productive manner. A virtual private network (VPN) enables home working. Installing a PCI-DSS compliant security infrastructure allows the business to accept credit card payments. Enterprise mobility security management solutions enable employees to access corporate data from personal devices in a safe and secure manner increasing both employee satisfaction and utilization.
Security as a Selling Point
The savvy CIO can go a step further and create a case for how deployment of new age security solutions can actually add value by and give the organization an edge in its marketing campaign. This is especially true for organizations wherein information security is paramount as is the case with financial institutions. Here, the organizations dedication to the highest level of information security can be worked into the corporate marketing campaign thereby instilling customer confidence.
The main purpose of any new IT procurement is always to drive business and profitability. Like all expenditures, security investments require fact-based justification to gain traction in the boardroom. By highlighting the numerous advantages of increased security spending, CIOs transform the perception of security from that of an operations overhead to a key business enabler.
About help AG
help AG is a strategic information security consulting company, founded in Germany in 1995 and has been present in the Middle East since 2004. help AG provides leading enterprise businesses across the region with strategic consultancy combined with tailored information security solutions and services that address their diverse requirements enabling them to evolve securely with a competitive edge.
Each and every vendor solution help AG presents to a Client has been thoroughly researched and evaluated. help AG is constantly identifying new and innovative solutions to offer to the market through its own in-house research & development laboratory. For more information, please visit www.helpag.com.
Tel: +97150 6400762