Staying Above the Cybersecurity Poverty Line

As today’s ongoing competitive pressures and economic challenges continue to strain business operations, tens of thousands of organizations now find themselves sitting below what’s known as the cybersecurity poverty line (CPL). Originally coined by a Cisco executive in 2011, the term characterizes a dangerous threshold below which firms accrue mounting risk from a lack of essential cybersecurity measures.

Existing below the CPL creates an endless loop of inadequate cybersecurity resources and multiplying security gaps: a perpetual game of catch-up trying to protect IT systems against vulnerabilities and critical cyberthreats. Let’s examine the challenge and how a more cost-effective and data-centric approach to cybersecurity can keep even small and medium-sized enterprises (SMEs) safely above the CPL.

Below the Cybersecurity Poverty Line: A Downward Spiral of Risk

To start, we should take a step back to the dictionary definition of “poverty” to see why this is the appropriate way to characterize the challenge many companies face in acquiring sufficient cybersecurity protection. While the word is most often used as a socioeconomic term, the Oxford Dictionary also defines poverty as “the state of being inferior in quality or insufficient in amount.”

The cybersecurity poverty line is the point where security resources become so insufficient that the organization suffers a downward spiral of degraded visibility and added risk, which can lead to more breaches and disruptions, all of which creates more vulnerabilities and risk for the organization.

Many of these organizations are small businesses, local governments, public schools and other institutions that lack the necessary resources and expertise to protect themselves.

In fact, an Accenture report found 43% of cyberattacks are aimed at SMEs, but only 14% of these organizations are adequately protected against such attacks. Unfortunately, the impacts can be devastating; research shows these cybercrime instances helped drive 60% of SME victims out of business within six months after the attack.

Adopting a Cost-Effective, Data-Centric Approach to Cybersecurity

Given that budget-straining economic and competitive pressures won’t let up anytime soon, organizations must learn to squeeze more protections from the same levels of cybersecurity investment. Fortunately, these organizations can embrace new data-centric security models to embed security at the essential data level, enabling more comprehensive and cost-effective protection of sensitive files, systems and infrastructure.

Unlike more conventional perimeter-centric security models that focus on protecting only the applications and data that organizations possess internally, data-centric security is a strategic and economical way to protect sensitive data regardless of where it resides or who it’s been shared with externally. At the granular data management level, this is carried out by placing protective “wrappers” of encryption around data objects, thereby safeguarding those objects wherever they reside. Such wrappers contain everything needed to safely configure and manage each digital asset – including any predefined security and access controls.
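To make the “wrapper” idea concrete, here is an added sketch (not code from the article or from any vendor's product) of an encrypted object that carries its own access policy, with the policy cryptographically bound to the key so that editing it invalidates the wrapper. The function names, the policy fields `allow` and `notAfter`, and the in-process key service are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// AES-256-GCM helpers. `aad` is authenticated but not encrypted.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws if anything changed
}

// Assumption: a key service holds this key-encryption key and never exports it.
const KEK = crypto.randomBytes(32);

// Owner side: encrypt the object under a fresh data key, then wrap that key
// under the KEK. The policy is the associated data for both operations.
function wrap(data, policy) {
  const policyJson = JSON.stringify(policy);
  const aad = Buffer.from(policyJson);
  const dek = crypto.randomBytes(32);
  return { policyJson, payload: seal(dek, Buffer.from(data), aad), wrappedKey: seal(KEK, dek, aad) };
}

// Key-service side: the data key unwraps only under the original policy, and
// is used only for a requester that policy allows.
function unwrap(wrapper, user, now = Date.now()) {
  const aad = Buffer.from(wrapper.policyJson);
  try {
    const dek = open(KEK, wrapper.wrappedKey, aad);
    const policy = JSON.parse(wrapper.policyJson);
    if (!policy.allow.includes(user)) return { ok: false, reason: 'denied' };
    if (now > Date.parse(policy.notAfter)) return { ok: false, reason: 'expired' };
    return { ok: true, data: open(dek, wrapper.payload, aad).toString() };
  } catch {
    return { ok: false, reason: 'tampered' };
  }
}

// Constructed sample: one object shared with one external recipient.
const sample = wrap('Q3 payroll export', { allow: ['alice@partner.example'], notAfter: '2999-01-01T00:00:00Z' });
console.log(unwrap(sample, 'alice@partner.example'), unwrap(sample, 'bob@other.example'));
```

Because the policy travels as authenticated data rather than as a separate ACL, the same check applies whether the file sits in email, a file share or a SaaS platform.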

The genius of the data-centric approach is that it embeds this logical, standardized framework for data discovery, classification and tagging very early on (or “upstream”) in development life cycles so that security is baked into “downstream” collaborative workflows like email, file sharing systems and SaaS platforms. This saves money, time and countless human hours trying to fix system misconfigurations and close security gaps. In the process, the data-centric approach allows organizations to easily and economically extend a zero-trust mindset of “never trusting, always verifying” beyond the four walls of the enterprise—beyond all the endpoints of employees and internal users—to include all third-party vendors, partner organizations and customers or constituents.

Conclusion

When properly implemented and aligned with other cybersecurity best practices such as identity access management, network perimeter security and other common strategies and tactics, a data-centric approach can make cybersecurity programs more proactive, effective, affordable and easy to manage.

With the assurance that security is embedded down to the deepest data levels, the data-centric approach can lift even SMEs far above the cybersecurity poverty line.


Rob McDonald

Rob McDonald is the SVP, Strategy and Field CPO and an advocate of safeguarding data across new applications and data-sharing workflows. Prior to Virtru, Rob was the CIO for several Acute Care facilities and Denovo Healthcare development teams. His significant expertise in the healthcare industry earned him a spot in Becker’s Review as a 2013 and 2014 Top 100 Healthcare CIOs. Rob has also consulted with corporations to help them assess their current information security position and develop a plan to not only mitigate the discovered technical shortcomings but more critically to raise security awareness amongst their employees. Rob holds a Bachelor of Science degree in Computer Science from the University of Texas at Dallas and is a perpetual student of technology, information security, and privacy practices.
