The Business Case for a Better Network Security Toolkit

06/07/2016  |  By: Jason Riddle, CISSP, President, Information Security

If you’re on the front line in your IT department, you probably know how vulnerable your network is to attack. In fact, you may find yourself putting out these types of fires all the time. You’re also probably aware that there’s a better way—and you may even know how much that way costs.

What if your upper management team is resistant to allocating funds for a more sophisticated network security solution? Well, you’re not alone. Many companies are hesitant to invest the amount needed to deploy a comprehensive security monitoring and response capability. After all, why should they? For the most part, the network is up and running every day. People are getting their work done. And you seem to be managing just fine. Little do they know.

Justifying the expense.

With all of the factions competing for a company’s budget, it’s tough to convince the powers that be to allocate resources for adequate network security. And yet, IT departments are expected to keep the network running smoothly—on a tight budget and with a limited headcount. As long as nothing breaks, the IT department goes largely unnoticed. But when a cyber attack disrupts day-to-day operations, compromises customer data or literally shuts down the network, suddenly everyone takes note of what’s going on in that back-office computer room. And not in a good way.

One persuasive argument would be to use someone else’s bad news so that you can have appropriate network security resources in place before a malicious attack happens to you. Fear can be quite persuasive, and it’s possible that upper management hasn’t yet considered what the impact of a severe attack might be. When major breaches hit the news, everybody starts thinking about it, and it’s often a good time to broach the subject.

Impacting the bottom line.

At first glance, it may not appear that investing in a network security monitoring capability will have a direct impact on revenues—which is one reason you might be having a tough time selling the idea. (Of course, the losses that occur as a result of a serious breach can climb into the hundreds of thousands, yet it’s easy to fall into the ‘it won’t happen to us’ trap.) But increasingly, customers are demanding assurance that their data will be handled securely.

People have gotten more savvy about the safeguards that need to be in place in order to protect their data. If someone is shopping with you, providing you with personal information or conducting any kind of confidential transaction with your organization, he or she is more likely to demand evidence that you do indeed have adequate network security in place. If customers are hesitant to engage with you because they aren’t confident that your network is secure, the lost business will begin to have a measurable impact on revenues.

All the proof you need.

We find that the best way to build a business case for a network security monitoring capability is an in-house demonstration of how exposed a company’s network truly is. Companies are discovering that their networks are already corrupted to some degree—and that nobody even knew. That should get the attention of senior management. As you well know, nothing builds a business case better than cold, hard facts.

Check out our free guide, Breach: Network Security Best Practices for Prevention, Detection, and Response, for more information on ensuring the safest network security for your firm.

On LinkedIn or Twitter? Follow us on LinkedIn and on Twitter at @lbmcsecurity.