Security operations is a critical element of the enterprise technology environment – but it can sometimes be left behind as organizations focus on adopting the latest technology solutions.
In a year like 2020 where there is so much change in the way work is performed and technology is delivered, security operations (or SecOps) can simply be left to the side – not getting the investment it needs.
SecOps is rarely neglected on purpose – it is more a matter of resources, where organizations small and large put security concerns on the backburner, instead spending funds to invest in new technology, or something else.
But that can be a counter-productive approach, as ignoring or neglecting the threat landscape can turn out far more costly than a modest and sufficient investment in SecOps. In other words, improving your SecOps can save you money – keep reading to find out why.
1. SECOPS IS BECOMING INCREASINGLY CRITICAL
2. The clue is in the numbers
3. A lack of concern and preparation
4. THE RISKS AND COSTS OF NEGLECTING SECOPS
5. Real-world examples of costly breaches
6. A breakdown of the risks
7. WHAT YOU NEED TO DO TO GET SECOPS RIGHT
8. FIX YOUR SECOPS, SAVE MONEY
Technological improvements carry a range of benefits – new features, higher efficiency, and so forth. Yet technology can be vulnerable to security flaws, and the more an organization relies on technology the more vulnerable it becomes to malevolent actors that try to take advantage of these vulnerabilities.
It is not difficult to find evidence that points to an explosion in vulnerabilities. Consider the numbers quoted on the National Vulnerability Database. Through the last ten years, the number of vulnerabilities reported has hovered between 4,000 and 8,000 per year.
But that changed rapidly – and it changed roughly around 2017. That year alone, there was a huge spike in the vulnerabilities that were reported – it reached 14,000. This high level was maintained in subsequent years and in 2020 more than 18,000 reports were made.
Every one of these vulnerabilities can lead to a possible breach. After all, cybersecurity company Imperva suggests that nearly half of the flaws found in software have an exploit that’s available to the public – and available to hackers.
That includes more than 170 vulnerabilities found in the Linux kernel in 2019 alone. It’s not just a matter of statistics: there is a real risk associated with each of these vulnerabilities, even where an exploit is not yet public.
It’s clear that IT security issues and vulnerabilities are becoming a larger and larger problem. Take this report, for example, which shows that computer security threats grew fast right through 2020. Organizations can find it difficult to keep up – in part because SecOps is just one more demand on a finite pot of IT resources.
It is also true that for many organizations security risks are invisible risks – the state of cybersecurity only becomes a visible problem once a breach has occurred, and once a visible loss is suffered. It is a dangerous money-saving approach and it comes down to gambling on being lucky enough to avoid getting hacked.
With threat actors increasingly using automation to try and find vulnerable organizations, this gamble is ill-advised. Often it is not even a matter of resources; in fact, it is merely that cybersecurity strategies are ignored.
Here is a simple example. The Ponemon Institute found that 60% of the victims of a successful cyberattack became victims because of an avoidable error: failing to patch a known vulnerability which had a perfectly effective patch.
There are several reasons why an organization’s cybersecurity posture can be lacking in key aspects:
It is not that organizations ignore the threat of cybersecurity, but a lack of resources, clashing priorities, and leadership that’s not sufficiently focused on cybersecurity can all work in concert to mean that SecOps doesn’t get treated with the necessary.
Some of the reasons outlined above tie in strongly with cost management – and cost management is not an unreasonable priority. But the risks created by neglected SecOps can have very real costs that are much larger than the money saved by trimming SecOps budgets.
From the direct losses realized by a cyberattack through to reputational damage and costs related to failed compliance, the costs of a breach can be huge.
It is summarized clearly in the 2020 IBM Cost of a Data Breach Report – the company found that the typical cost of a breach is USD 3.86m, while companies typically spend up to 280 days to try and identify and contain a cyberattack.
Before we break down the possible risks and costs of cyber breaches, let’s take a look at some real-world examples that illustrate how organizations can end up spending vast sums to remediate a cyber breach.
First, in 2019, Capital One suffered a cyberattack that involved more than a hundred million Capital One customers. The cost, for Capital One, was estimated to be over USD 100m, and as much as USD 150m.
Another incredibly expensive example involved Yahoo where in 2016 the company had to admit that hackers breached its cyber defenses. This single attack affected more than three billion Yahoo accounts and the data that was stolen ranged from names to birth dates and contact details.
When Verizon later purchased Yahoo the company paid hundreds of millions less than it would have due to the reputational damage done to Yahoo.
It is not just a matter of something valuable being stolen in a breach – the risks of a cyber breach go far beyond that. Here are just some of the key problems companies face when they fail to take SecOps seriously enough:
The costs of one successful breach can add up to a sum of money that completely exceeds the investment required to run a consistent, complete, and solid cybersecurity operation. Will this breach ever occur? That is a different question – but the risks are nonetheless very real and present.
First and foremost, trying to save money by cutting cybersecurity budgets is never a good idea. We have comprehensively illustrated how cyber-attacks can be incredibly costly – to the extent that an organization ceases operations.
It is essentially a false economy, a saving that is nothing but an illusion. Good SecOps is not prohibitively expensive, so the most important part is to get the SecOps budget right.
Well-funded SecOps is, of course, both a strategic and a practical matter. Here are a few strategic points you need to get right for cyber-secure operations:
That said, SecOps is not just about strategy. SecOps is essentially a practical matter, and we suggest you direct funding to ensure that you tick the following SecOps tick boxes:
These strategic and practical measures will boost your SecOps – without breaking the bank.
It sounds like a strange argument at first. After all, boosting cybersecurity operations will require a lift in expenditure. However, we have made it clear how security risks can turn into very costly breaches.
There is a chance that your organization never suffers from cybercrime, but that chance is increasingly slim if your organization does not run fit, optimal SecOps. Instead, spending too little on cybersecurity increases your risk so much that chances are your organization will spend more cleaning up a cyber breach than it ever would have spent on SecOps.
So, allocate the funds you need to and use all the cybersecurity tools at your disposal – from leadership and culture to software tools such as vulnerability scanners and live, automated patching.