Holistic security sounds like a great plan. But now what?
Security · Mar 22, 2018
There are few things we know unequivocally about security these days.
Breaches are inevitable
According to Malwarebytes’ 2018 Annual Ransomware Report, businesses experienced a 90% increase in attacks in 2017.
Breaches are expensive
In 2017, an IDC study concluded that the average Canadian company experiencing a security breach spent $3.7 million in direct and indirect costs to recover from it.
Breaches are hard to detect
Mandiant M-Trends 2017 highlighted that organizations take an average of 101 days to detect a breach, and attackers typically gain admin access within the first three days of their breach
These statistics continue to alarm IT leaders and business stakeholders across Canada Our federal government is taking steps to protect the public, launching new PIPEDA security breach rules, effective November 1st, 2018. The new rules place more accountability on each business to protect their digital assets, report privacy breaches, maintain a record of all breaches and inform affected individuals.
The good news - organizations are recognizing the importance of security, and they are spending money on it. According to a 2017 Thales Data Threat report, 73% of organizations increased IT security spending in 2017, up from 58% in 2016.
The bad news - despite the increase in spending, the Thales report found that 68% of organizations said they had experienced a breach, with 26% experiencing a breach in the past year – up 5% from 2016.
Spending is up. But so are breaches. What’s going on?
Unfortunately, many organizations are taking a technology-first (and sometimes technology-only) approach to arming themselves against threats. Per IDC, in its January 2018 InfoBrief: A Framework for Effective Cyber Security, technology is only one part of the equation. Fostering a security culture through a holistic approach, which combines technology, processes and people, is a better bet. IDC spotlights the NIST Cybersecurity Framework as a way to structure an effective security program, including solutions to monitor, protect, and detect network intruders, then respond to and recover from the breach.
It’s certainly a strategic approach, and sounds great in theory. But how do you bring it to life? How do you make holistic security tangible in an environment when your IT staff is already stretched thin with other initiatives, or lacks the expertise to create wide-ranging education and prevention programs?
TELUS struggled with that very question. And we tasked our security professionals to solve it. We knew that technology alone could never be the silver bullet responsible for navigating a complex landscape with evolving, menacing threats. We have been talking with our clients about holistic security for some time. Being able to validate our philosophy with IDC’s research and analysis has only steeled our resolve.
We knew there was something missing. A void that had to be filled.
True holistic security requires advanced technologies, skills, management, monitoring and integration. That level of sophistication is often beyond the capacity and budgets of mid-market companies.
Our goal is to change that. We want to help companies amplify and improve how they gain visibility into applications, users and threats, automate breach and threat detection, control employee activity online, combat malware, identify vulnerabilities to better mitigate risk and manage reporting. We want to enable consistent and sustainable security for our clients, without a high cost of buying, and without the need for specialized skillsets to manage a variety of individual solutions.
We’ve taken key components of the different solutions that comprise a holistic framework and integrated them together in comprehensive security bundles. The tools, capabilities and resources that were once considered out of reach are now available, ensuring you can confidently pursue and consistently execute a holistic approach to security.
In the digital era, your employees thrive with anywhere, anytime access to collaboration technology, cloud applications and data. As the workplace evolves to support central and mobile teams with digital solutions, the complete security program put in place to defend a wider footprint of device and application use has never been as important as it is today.
Take the first step toward adopting holistic security in your environment. Learn more about how TELUS security bundles and consulting services give your employees their best opportunity to thrive.