“Security costs money, but it is an investment in the company's well-being – ensuring that a cyber-attack is not able to affect business continuity and cost the company money,” said David Emm, senior security researcher at Kaspersky Lab. “Unfortunately, budgets can only stretch so far – particularly during a recession. And some IT managers clearly feel that spending is insufficient to properly secure their business. That is why it is essential for businesses to carefully manage the resources they have available for optimal effect.”
Please see below for further advice and comments from David Emm, senior security researcher at Kaspersky Lab, on how to plan a security strategy:
This should start with a corporate security policy, one that is tailored for the needs of the business, not a one-size-fits-all 'best practice' template. It is important to assess the real risks to the business – rather than rely on speculative numbers that are sometimes published on the average costs to a business of malware infection or some other kind of attack.
It is also important to be able to measure security across the company – after all, you cannot manage what you cannot measure. To start with, this is the only way to provide a compelling case for IT security spending within the business. In addition, though, it will enable IT managers over time to see any gaps within the company's defences.
Here are the key building blocks of a security policy:
- Assess the risks
- Establish policies & procedures
- Create an outbreak response plan
- Deploy appropriate security solutions
- Define an update & patch strategy
- Document the policy
- Develop a staff awareness strategy
For further information please go to: http://www.kaspersky.co.uk/beready