Saying all types of companies have the same information security concerns because they face common threats and vulnerabilities is like saying all cars are alike because they have four tires.
The security issues enterprises grapple with, as well as the regulatory compliance issues, differ dramatically based on their industry. As we’ve seen in recent years, the types of attacks companies face and the sources of those attacks can vary depending on their line of business.
Sure, there are basic security commonalities among all types of businesses. Virtually all companies are vulnerable to computer viruses and other malware. Many verticals are seeing a rapid growth in the use of mobile devices and in the security threats they represent. And internal security breaches can happen at any organization, whether it sells shoes or builds rocket ships.
But when you look closely at different industries, you will see some clear delineations in terms of the security and compliance challenges they need to address. Many value-added resellers (VARs) and managed services providers (MSPs) have customers in multiple industries, and knowing the various security concerns and needs of different types of businesses is vital to serving them well.
Over the coming weeks we’ll be examining the security and compliance issues specific to industries such as financial services, healthcare, retail, manufacturing, education, insurance and utilities.
We’ll look at why certain types of companies might be vulnerable to certain types of attacks, and cite some examples of the kinds of security breaches they have faced recently. We’ll also provide a rundown on some of the regulatory issues they need to address that have a direct effect on their security technologies and policies.
By knowing what keeps security and risk management executives in certain industries awake at night, VARs and MSPs have an opportunity to offer solutions and services that can address those concerns. One size definitely does not fit all when it comes to providing security solutions, and keeping that in mind will help channel partners deliver optimal service to all kinds of customers.
Before getting into the first of the series of vertical focuses in the next post, let’s take a look at some newly released numbers from research firm Gartner Inc. that give a good indication of how important cyber security has become for all types of organizations.
The firm says worldwide spending on information security will reach $71.1 billion in 2014, a rise of 7.9% over 2013. The data loss prevention segment showed the fastest growth at 19%, according to the forecast. Total information security spending will grow a further 8.2% in 2015 to reach $76.9 billion.
The firm says the increasing adoption of mobile technology, cloud services, social media and information (often interacting together) will drive use of new security technology and services through 2016. What Gartner calls the “Nexus of Forces” is having an impact on security in terms of new vulnerabilities, says Gartner research director Lawrence Pingree. It’s also creating new opportunities to improve effectiveness, particularly as a result of better understanding security threats by using contextual information and other security intelligence, he says.
A major trend that emerged in 2013 was the democratization of security threats, driven by the easy availability of malicious software (malware) and infrastructure components that can be used to launch advanced targeted attacks. This has led to increased awareness among organizations that would have traditionally treated security as an IT function and a cost center, Pingree notes.
By 2015, about 10% of overall IT security enterprise product capabilities will be delivered in the cloud, Gartner predicts. A significant number of security markets are being affected by newly emerged delivery models, and this is resulting in the growth of cloud-based security services, which are transforming the way security is supplied and consumed by organizations.
While cloud-based services' competitive pricing puts pressure on the market, the firm says, the cloud is also providing new growth opportunities, as some organizations switch from deploying on-premises products to cloud-based services or cloud-managed products. More than 30% of security controls deployed to the small or midsize business (SMB) segment will be cloud-based by 2015, Gartner predicts.
Another key finding is that by 2018, more than half of organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures.
Many organizations continue to lack the appropriate skills they need to define, implement and operate appropriate levels of data protection and privacy-specific security controls, the report says. This lack of skills leads organizations to contract security consulting firms that specialize in data protection and security risk management to address regulatory compliance demands and enhance their security postures.
Surely, there’s a big role for MSPs and VARs to play here. Beginning in the next post, we’ll explore how they can address security needs in specific industries.