Simple question, difficult answer.
Security could cost nothing, but end up costing you everything.
COVID-19 has changed the IT landscape. Suddenly, security audits focused on offices and infrastructure are barely valid anymore. A large part of the workforce needs to work from home with full access to company systems. The change looks very similar to moving from managing your own servers and data centres to adopting a cloud infrastructure. But the change brings with it new challenges. Attack vectors have expanded and there are many more paths in – not just work laptops and smartphones, but unpatched home routers and networked devices could become entry gates to company systems for unauthorised users.
Recent examples of Twitter hacks have shown that no company is 100% secure and a changed landscape requires a changed approach to securing work environments and investment in technology and security.
However, coronavirus has hit the bottom line of many businesses. Costs are being cut and security seems to be an area where savings are being made. IT costs can appear to be an easy target. There may be fewer dedicated sysadmins to patch servers, and fewer developers writing and maintaining code, but the systems still run.
So what’s the problem?
The problem is that neglecting security could create a ticking time bomb. The activities mentioned above are essential maintenance. When things can go wrong, sooner or later they will. Already struggling businesses may be hit at the worst possible time. Once a business has been compromised, its partners and suppliers will also be at risk. Busy hospitals have already been hit by ransomware. If they are crippled by hackers, lives will be put at risk.
How much does security cost?
The answer is that security is a necessary investment – a cost of doing business – that needs to be aligned to the risks in the data that is to be protected. These risks and threats are likely to be evolving – and in many areas increasing – as a result of the pandemic. If companies reduce their commitment to information security at this time, then they could be putting their business in danger.
It could cost you everything.