My wife doesn’t work in the technology industry, but she asked me about the recent ransomware attack on the city of Atlanta. Apparently, it was all over the radio during the hour-long commute to her job that day.
She asked whether the attack occurred because of employees accessing Facebook or Google from their city computers. I explained that while that can happen, security lapses usually occur because organizations think that security is a one-and-done proposition. However, nothing could be further from the truth.
We work with companies all the time that are reluctant to spend what’s necessary to secure their websites, servers and workstations. But should their systems be hacked or held for ransom, they will spend exponentially more to remediate the problem than to fix it in the first place.
Think about it this way: Once you buy a new car, do you need to spend any more money on it? If you want to keep your car looking and running its best, of course you do. There are oil changes and car washes, preventive maintenance and the occasional new set of brakes or tires. All of
those costs are just part of owning a vehicle.
But especially in the institutional sector, I often hear people say that they just spent $120,000 or some such amount on a technology project, so they’re done. Of course, that’s not true.
It’s not only the pace of business that companies need to keep up with. Companies also need to keep pace with those who want to do the business harm, stealing proprietary information or taking a company’s data hostage.
According to reports, auditors told Atlanta officials months ago that its IT department was vulnerable to an attack just like the one that occurred. Besides the ransom amount, think about the money being spent on remediating the risk, not the mention the loss of reputation as the city
remains in the top 20 potential sites for Amazon’s second headquarters.
The latest Gartner data security report indicates that organizations designate about 5.6% of their total IT spend toward IT security and risk management. I’m not sure what the city was spending,
but I’m confident it’s nowhere near 6%.
The Gartner report also shows that IT security spending varies from 1% to 13%, which means that some companies are not taking data security seriously. Those on the high end of the scale could be in industries like healthcare or banking where data protection is critical to consumer
But whether you’re a small business with a few workstations or a Fortune 500 company, you must protect your data—and Overwatch Technology can help. From remote monitoring to strategic guidance on how to maximize your IT security spend, our experienced consultants work with you to determine your technology needs, aligning those to your business and process strategies. At an absolute minimum, you must protect your websites and network infrastructure with a firewall and each server and workstation with strong virus and malware protection that is monitored and updated frequently.
For the city of Atlanta, the ransomware attack is an embarrassment, but city operations will continue. If your business was attacked, could you say the same thing?