As a company with a reputation for building mission-critical IT systems for the defence and aerospace industries, Thales has an understandable interest in IT security spending.
Which is why I was surprised to find myself reading a report (http://www.thalescyberassurance.com/white-papers.htm) commissioned by the company which suggested businesses may be spending too much on IT security by over-protecting non-sensitive data.
Depending upon your company's appetite for risk" she explains "no data is ever considered as non-sensitive.
Ross Parsell, director of cyber strategy at Thales UK, warns that, while the volume and scale of cyber-attacks show no signs of slowing down, there is a danger that resources are sometimes assigned to areas that do not need them.
This idea that IT departments might be spending too much on the wrong things got me thinking: could the average enterprise do better, and be more secure, while spending less?
Paying out
A great deal of the overspend argument depends on what organisations class as 'non-sensitive data', explains Logica's business consulting cyber security lead, Cheryl Martin.
"[In certain companies] No data is ever considered non-sensitive," says Martin. "Cyber criminals earn their keep from obtaining and reselling the most innocuous piece of information which, with careful company grooming, could be used to pull together an in-depth view of the targeted organisation and individuals".
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
