Cyber inequality crisis is weakening our global defences
By Deryck Mitchelson, Field CISO EMEA, Check Point
The disparity in cyber defense budgets is significantly contributing to a deteriorating security landscape. A vast chasm exists between nations and businesses that have the financial power to implement advanced cyber security technologies and those that do not.
As a result, when financially well-resourced groups engage partners and suppliers that have more limited IT and security budgets, business disruption and supply chain risks increase, putting absolutely everyone at greater risk of a breach.
Together, we need a focus on “leveling-up” that effects change; otherwise, the global economy works in favor of cyber criminals.
Unpacking cyber inequality
A large enterprise in a developed country may be able to easily spend 12-15% of its budget on cyber security annually. In contrast, the average healthcare organization can commit only 4-7% of its budget to cyber security. Some healthcare organizations, particularly in developing countries, don’t even have the money to invest in additional nurses or doctors, and can barely afford medical purchases. To think that they have surplus resources available for cyber security is almost ludicrous, despite healthcare being the third most frequently attacked sector, with life-impacting consequences.
Twenty percent of schools can only afford to commit 1% or less to cyber security per year. Some organizations simply have very little money to work with. And that means that they’re extremely vulnerable to cyber threats. Yet education is the most attacked sector globally.
It's difficult to tell fiscally stretched organizations that they need to spend 15% or more of their budget on cyber security. That’s not a reasonable option. However, if inroads aren’t made around this issue, if we continue to languish with our response, less well-resourced organizations will continue to get breached and we will all be impacted by the consequences.
In turn, these organizations will continue in a downward spiral, as they also can’t afford to employ more or better cyber security staff. On top of that, organizations both within such ecosystems and outside of them become inherently more vulnerable. It’s an issue that eventually impacts every organization and our globally inter-connected ecosystem.
Redressing cyber security inequality
Much innovation is needed in order to address cyber inequality and the problems that it presents.
Some of that innovation should take the form of operational collaboration across nations, industries, and sectors. It might be that the private sector needs to lend more expertise to the public sector, so that the public sector can strengthen its cyber security programs in ways commensurate with current realities.
Cyber security vendors must also take an innovative approach. Vendors need to make sure that different product tiers are available, so that we can begin to ‘level up the playing field’ rather than forcing the implementation of less effective solutions.
Recommendations: Resource-limited groups
First, CISOs need to understand exactly what security technologies they already have in place. They need to recognize their existing capabilities. That means understanding not just what they have, but where overlap exists. Duplication is financially wasteful.
Second, CISOs need to understand how existing tools function. Are they providing the right levels of efficacy across the most critical corporate assets? Or is the security too rudimentary and not providing the required level of protection?
Subsequently, CISOs need to see how they can consolidate existing tool-sprawl into something simpler. Something that not only reduces duplication and elevates security, but that also reduces operational overhead and other costs. CISOs can then make the business case for moving forward differently.
CISOs with limited resources can consider purchasing security through pay-as-you-consume enterprise models, which should make it cheaper to consume security services. Get higher efficiency at a lower cost base.
It’s also worth noting that select enterprise agreements, like those offered through Check Point, scale down really well. Minimum numbers of users can be surprisingly low, and investing in tools like Check Point Infinity can mean extensive and robust new security capabilities – cloud protection, endpoint protection, device protection and ‘everything else’ protection in one effective security platform. Enterprise-grade security is now affordable for public sector and SMB.
Further thoughts
As artificial intelligence tools drive up threats, particularly in areas like phishing, ransomware and deepfakes, all organizations need to increase offensive cyber security capabilities. Basic protections are no longer enough.
For the moment, leaders need to maneuver rather innovatively around the obstacle that is limited cyber security resources. But there are ways to do so, as discussed earlier. Closing cyber security gaps that exist because of cyber inequality is imperative.
In the way that a single vulnerability can engender a harmful ripple effect across organizations and ecosystems, heightened levels of security can yield favorable outcomes across organizations and ecosystems.
Prioritizing cyber security not only shields against risk, but it also lays the foundation for progress, prosperity and a peaceful society.