IT Security Culture Evolution of Businesses Exposed

Security culture is the behavior in an organization that contributes to the protection of data, information, and knowledge, very useful today in the wake of implementation of Data Protection Laws, like the European’s GDPR. Each individual working for an organization is influenced by several ethical, national and organizational cultures. These cultures have an effect on the way the individual interpret the meaning and importance of information security. The development of a common information security culture for an organization is a huge task and cost for the company. This is because it needs to be based on mutually agreed visible signs, practices and images, values and basic assumptions regardless of the price.

That is basically the summary of the report Gartner, an IT security research firm they published recently. Small and Medium Enterprises are investing for the protection of their customers and themselves, as cybersecurity defense spending across the board increased by 40%. Garner has performed data crunching and statistics that around $USD1 trillion will be spent for cybersecurity defense for 2018 alone. Companies have seen the light, as customer trust, and their entrusted data is worth more than anything else in their expenses list.

“SMB leaders are investing in IT and Gartner forecasts that spending will grow at 3.6% CAGR through 2020. These statistics raise very interesting questions concerning both software buyers and software vendors. One, is how will SMB leaders spend those funds to advance their businesses. And another is how much will software vendors focus on serving the SMB market,” explained Anthony J. Bradley, Gartner’s Group VP for Small Business Leader Research.

Investing with Right Technologies paired with hiring the right people, that is the dominating theme of Gartner’s study. The SME community understands that there is no shortcut to IT security, but does their homework and carry-out a campaign for a better security infrastructure for their enterprise’s networks and computers. “Given these challenges, it is not surprising that over 90% of respondents in the survey listed human resources software, data security, and customer relationship management software as areas of planned investment. It is interesting that “using the right technologies” is number two on the list. Our research indicates that more and more SMB leaders understand the importance of software to their business success,” added Bradley.

The growth of the demand for a more visible security culture highlights the maturity of the business environments and its leaders. It used to be understood that the smaller the business is, the fewer chances of being an actual target of a cybersecurity attack. It is no longer the case, given the speed at which the hacker community improves their instruments, especially non-file damaging penetration of computers using mining malware. Those types of virus happily run in the background without actually destroying the computer or its data, instead just steadily stealing CPU/GPU cycles for mining in the backgrounds.

“In the past, IT was more of an afterthought, an expense to be minimized. It was the tactical means to a more strategic business goal. Now, technology is spawning new business goals, ideas and even new business strategies. According to our research survey, 37% of SMB respondents listed “advances in technology” in their top 3 most significant external factors shaping their business goals. SMB leaders should and are beginning to elevate information technology to the status of strategically critical,” concluded Bradley.