Companies planning for future threats need better data


How do you approach the task of planning your data security strategy for the next year? 

According to a survey by Solutionary, nearly seven out of every eight companies use the global threat reports created by companies like McAfee, Microsoft, Symantec and Verizon to guide their strategies. In addition, almost 80 percent of security professionals use annual threat data to support their requests for budget increases.

This begs the question: Would security executives be better off if they relied on data that was less generic and more specific to their industry, if not their company?

Obviously, people would prefer bespoke information to guide their efforts, but the survey also highlights some needs that could be better addressed by the security companies that issue the reports.

"Nearly nine out of 10 companies that do not currently use global threat reports in their security process would use the documents if there were more guidance on how to garner more budget for their security teams…The most important topic is how to conduct self-assessments and show companies' current weaknesses, according to more than 40 percent of surveyed companies."

In the end, budgeting and acquiring more resources is something of an art form that compliance and security officers will have to develop. In the past few years, one good strategy has been to couch everything in terms of compliance, about which companies have been vigilant.

Now, external risk management--as evidence by the many headlines about breaches--is easing to the fore as a justification. In the end, you basically have to scare people.

For more:
- here's the article

Related article:
Time to get aggressive on security