Sep 19, 2014
The list of potential culprits is long: Cyber criminals, hackers, rogue governments, competitors, terrorists/freedom fighters, disaffected current and former staff, not to mention whoever was behind the denial of service attack on Sony’s PlayStation Network and Sony Entertainment Network and a bomb threat to an American Airlines flight carrying the president of Sony’s online entertainment unit… The bad guys are out to get you and the odds are that they will. Throw in Mother Nature, and the problem isn’t if, but when disaster will strike — and then what do you do next? For most large organizations, the answer to the last part appears to involve prayer. Unfortunately, this is neither the time nor place to seek divine intervention.
A recent report from Gartner predicts information security spending will grow almost 8% (to $71.1 billion) this year, or about four times more than the average growth of the entire IT market in 2014. According to Gartner, this security splurge can be largely attributed to last year’s democratization of security threats, driven by the easy availability of malicious software (malware) and infrastructure (via the underground economy) that can be used to launch advanced targeted attacks. “This has led to increased awareness among organizations that would have traditionally treated security as an IT function and a cost center,” said Gartner research director Lawrence Pingree.
The IT vendors certainly seem to be paying attention to the growing security challenges — or at least the growing security budgets:
Around the same time as these vendor announcements, Gartner was officially recognizing the business continuity/disaster recovery (BC/DR) space with its very own Magic Quadrant for Business Continuity Management Planning Software. The research company said that business continuity management planning (BCMP) software is the key tool used to manage the business continuity management (BCM) program process — from risk assessment to business impact analysis (BIA), through recovery plan development, exercising, and invocation. The 2013 BCMP market was valued at $162 million, a jump of 24% on the 2012 market. Given the increased focus from government agencies, regulators, and private-sector preparedness initiatives, Gartner anticipates that adoption will continue to grow in the next five years to well over 51%.
Unfortunately, this may well be a case of too little, too late. “After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime — and the bad guys are winning,” said Wade Baker, principal author of Verizon’s 2014 Data Breach Investigations Report.
According to the most recent DBIR:
The bottom line is that most organizations are gambling that they won’t be one of the unlucky few that suffer an IT misfortune, and the odds are in their favor. However, those odds also include the fact that only 6% of the victims survive. So having a comprehensive and regularly tested BC/DR capability in place sounds like good business to me.