Drive Your Business
Failure Is Not an Option
Protecting a mid-sized company from IT security threats
2 ©2015 WGroup. ThinkWGroup.com
Executive summary
Today, all organizations must contend with the possibility that they could become the targets of
a malicious cyber-attack. The threat of breach to mid-sized companies grows with each passing
year as more valuable information and mission-critical applications are handled by IT and stored
on public-facing servers. Medium-sized businesses struggle to meet the challenges presented
by these risks as they may lack the security budget of larger organizations but still be a valuable
target for attack. This can put them in a uniquely dangerous position. In order to reduce their
risk and contend with the possibility of attack, mid-sized companies must learn to stretch their
budget and implement procedures that give them the greatest security benefit-to-cost ratio.
Mid-sized companies are at risk
In order to properly prepare for the possibility of breach,
companies must understand the repercussions of a failure
to do so. Cybercrime is reaching all-time highs, and many
attackers are targeting smaller organizations that may not
have the same defensive abilities as larger targets. Attackers
can steal sensitive information, cause downtime, and destroy
systems. This can lead to losses ranging up into the millions.
No company that relies on IT for any mission-critical function
can afford to ignore the risk posed by these threats.
Managing risk with a limited budget
Even if an organization recognizes that it must take steps to reduce the risk of a breach, it
may not know where to begin doing so. Mid-sized companies must have a structured plan in place
to ensure that they are maximizing the effectiveness of their budgets and taking action to
protect their assets with the greatest efficiency. These plans should be built using a
five-pronged approach:
•	 Identifying threats
•	 Identifying security needs
•	 Updating enterprise-security architecture
•	 Creating a breach detection and response plan
•	 Deploying your strategy
What is at stake?
For many businesses, IT security might be relatively low on the priority list. Most organizations
are more concerned with growing and deploying their products and services than with protecting
their IT infrastructure from malicious attack. This mentality is driven by a belief that most
attackers are only interested in high-profile targets and that the company doesn’t actually have
anything valuable to steal. There is growing evidence, however, that organizations of practically
every size are routinely targeted for attack. The repercussions of those attacks can be great.
Attackers are targeting mid-sized businesses
Today, more mid-sized businesses are being targeted for IT attacks than ever before. Attacks on
firms with 2,500 employees or fewer rose 61% in 2013 alone, while attacks on larger firms slightly
decreased in the same time period. [1] Clearly cybercriminals are singling out smaller businesses,
but why?
More businesses use vulnerable technology
One of the likely reasons that attacks on mid-sized companies are increasing is that the
use of IT for a wide range of applications and services has grown exponentially. More
smaller businesses than ever before are using IT services to store and share data,
communicate, automate systems, and perform basic business tasks. Today, practically
every company uses IT in some capacity, and its role in the workplace is constantly
expanding. This growth increases the range of targets that attackers can exploit. In the
past, many mid-sized companies may not have kept sensitive electronic data; now nearly
all do. As more new functionality and applications trickle their way down from the largest
firms to smaller firms, medium-sized businesses become significant targets of cyberattack.
Cybercrime is growing
Of course cybercriminals aren’t only attacking mid-sized businesses. They also routinely target
individuals, government agencies, small businesses, and multinational conglomerates. As
annual losses to organizations from computer hacker theft approach $445 billion, cybercrime is
increasing by almost any metric. [2] Stealing financial information, intellectual property, and other
data can be very good business for attackers, and many have joined their ranks seeking profit.
The attackers are also becoming more sophisticated. Some security experts estimate that as
many as 80% of attackers are affiliated with organized crime. [3] Malware and other attack tools
are becoming much more readily available. The much publicized shutdown of Darkode, an online
marketplace for stolen information and malicious software, showed the extent of the cybercrime
industry, and the site likely will be replaced quickly by similar sites. Despite the best efforts
of law enforcement worldwide, cybercrime is unlikely to dissipate in the foreseeable future.
Mid-sized companies are easier targets
Perhaps the most important reason why attacks on mid-sized companies are growing is that
many remain relatively easy targets compared to larger corporations. Most mid-sized businesses
have much smaller InfoSec budgets than large companies. Most do not employ a range of
specialized personnel or invest in technology to ensure that their data, applications and systems
are protected. This leads to inadequate defenses and can cause serious financial losses. One
recent analysis of data breaches found that two-thirds of breaches remain undiscovered for
months or more. [4] This clearly indicates serious security deficiencies in many companies.
Secure strategy with a limited budget
Mid-sized companies need to do more to protect themselves from IT security threats, but how
can they increase the effectiveness of their defense strategies without drastically increasing
their budget? Better security begins with effective strategy. Businesses working on a limited
budget must put forth extra effort planning for their needs and identifying ways to make their
resources do more to protect them.
1. Identify potential threats
Before drafting a comprehensive security strategy for a mid-sized business, it is important
to start by identifying potential threats. This helps your company focus on the most
likely targets and attack scenarios, giving the greatest possible protection for invested
resources. Talking to other enterprises, consultants, the IT department, and outside
groups can help provide information about what kinds of threats might affect your
company and what can be done to address those risks. Questions to ask include:
What threats affect my sector?
Companies in certain industries are much more likely to be subject to some form of
attack than others. For example, those in the financial industry are likely to have
customers’ private information or other financial data stolen. Similarly, those developing
new intellectual property are likely to have that information targeted. Identifying the most
valuable assets of your business can help create a priority list for security measures.
What attacks are most common?
Although ingenious breaches involving multiple stages, password cracking and various
attack vectors can happen, the most common forms of attack are much simpler, relying
primarily on victim inexperience. Most malware is deliberately installed by unaware users
led to believe that it is anti-virus software or a necessary update. Most passwords are
collected through simple phishing scams in which users unwittingly give away their
information to those in the guise of authority. [5] Understanding what kind of attacks are a
threat to your business is a critical first step in identifying ways to make IT more secure.
2. Identify security needs
With information garnered from analyzing potential threats to your business, you can
begin formulating a list of necessary requirements to protect against those threats and
secure the company. This helps your business further prioritize the agenda and build
a roadmap for action. Questions that businesses should ask themselves include:
What is mission-critical?
Some data, services, systems, and applications are more important to your business
than others. Losing access to an in-house messaging application may be inconvenient
and cause some loss in productivity, but it is not likely to have as much impact as an
e-commerce website going down or customers’ private data being stolen. With this
in mind, it is critical for the budget-minded organization to treat each item separately,
with more effort and resources going to protect those that are most valuable.
What are our compliance needs?
What are corporate policies and goals?
Every business has different risk tolerances and different policies in place to secure
information and protect against attack. Any information security plan must be aligned
with broader business goals in order to gain support from other areas of the company
and to ensure that it is effective.
3. Update enterprise-security architecture
At the foundation of an effective security strategy is solid enterprise-security
architecture. It is important to carefully evaluate your architecture and identify ways
to make it more robust in order to ensure that the network, servers, applications,
and services in your business are safe. Key topics to consider include:
What network-security policies are in place?
Policies form the basis for strong enterprise-security architecture. They give guidance to
employees and form a roadmap for building and maintaining systems. For these reasons, it
is absolutely critical that policies be comprehensive, modern, and effective in the real world.
Is the network built securely?
Organizations must analyze their network topology, their use of wireless APs, and other
foundational building blocks of the network and identify areas in which it could be made
more secure. For example, companies need to build in separation by creating trusted areas,
semi-trusted areas, and untrusted areas, and by grouping devices of similar function and trust
level into the same zone. Connections between these zones should then be strictly regulated:
deny everything by default, allow only the specific flows each zone actually needs (the Internet
may reach a public web server, but not the internal database behind it), and log what is
blocked. This makes security policy enforceable at the zone boundary and prevents
unauthorized access to data.
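The zone model above, as an added example that is not part of the WGroup paper: the Python below encodes trusted, semi-trusted and untrusted zones as a default-deny policy, rejects a policy that would let the untrusted zone reach the trusted zone directly, and renders the result as an nftables forward chain. The interface names, the zone layout and the allowed flows are assumptions chosen for illustration, not a configuration from the paper.

```python
"""Zone-based network policy: validation and nftables rendering.

Added example, not from the WGroup paper. Models three zones as a
default-deny policy between zones, checks the policy for the most common
segmentation mistake (a direct untrusted -> trusted allow), and renders it
as an nftables ruleset. Interface names, zones and flows are assumptions.
"""
from dataclasses import dataclass

# Assumed interface-to-zone mapping for a small office network.
ZONES = {
    "untrusted": "wan0",      # Internet-facing uplink
    "semi-trusted": "dmz0",   # public web / mail servers
    "trusted": "lan0",        # workstations, database and file servers
}


@dataclass(frozen=True)
class Rule:
    src: str      # source zone
    dst: str      # destination zone
    proto: str    # "tcp" or "udp"
    port: int     # destination port


# Explicitly allowed cross-zone flows (assumed); everything else is dropped.
POLICY = [
    Rule("untrusted", "semi-trusted", "tcp", 443),   # public HTTPS to DMZ web server
    Rule("semi-trusted", "trusted", "tcp", 5432),    # DMZ web app to internal database
    Rule("trusted", "semi-trusted", "tcp", 22),      # admin SSH into DMZ hosts
    Rule("trusted", "untrusted", "tcp", 443),        # staff outbound web
    Rule("trusted", "untrusted", "udp", 53),         # staff DNS resolution
]


def validate(policy):
    """Return a list of policy problems; an empty list means the policy passes."""
    problems = []
    for r in policy:
        if r.src not in ZONES or r.dst not in ZONES:
            problems.append(f"unknown zone in {r}")
        elif r.src == r.dst:
            problems.append(f"intra-zone rule is not a zone boundary: {r}")
        elif r.src == "untrusted" and r.dst == "trusted":
            problems.append(f"untrusted zone may not reach trusted zone directly: {r}")
    return problems


def is_allowed(policy, src, dst, proto, port):
    """Default-deny evaluation of a single new flow against the policy."""
    return any(r == Rule(src, dst, proto, port) for r in policy)


def render_nftables(policy):
    """Render the policy as an nftables inet table whose forward chain drops by default."""
    lines = [
        "table inet zones {",
        "    chain forward {",
        "        type filter hook forward priority 0; policy drop;",
        "        ct state established,related accept",   # return traffic of allowed flows
        "        ct state invalid drop",
    ]
    for r in policy:
        lines.append(
            f'        iifname "{ZONES[r.src]}" oifname "{ZONES[r.dst]}" '
            f"{r.proto} dport {r.port} ct state new accept"
        )
    lines += ['        log prefix "zone-drop: " drop', "    }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    problems = validate(POLICY)
    assert not problems, problems
    print(render_nftables(POLICY))
```

The rendered ruleset is loaded with `nft -f`; any cross-zone connection not listed in the policy is logged and dropped, which is what "strictly regulating the connections between zones" means in practice. Adding a rule such as `Rule("untrusted", "trusted", "tcp", 3389)` makes `validate` fail, so the check can run in CI before the ruleset reaches a firewall.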
What role do third parties play?
Third-party vendors are a greater part of IT than ever before. With the range of cloud-
based services available, many companies use outside solutions for storage, computing,
infrastructure, disaster recovery, and a wide selection of other activities traditionally performed
in-house. This can greatly complicate the security architecture of a company. Integrations and
access between the vendor and the core network must be made secure and IT must make
sure that the vendor’s own security practices are aligned with business security needs.
4. Create a breach detection and response plan
In the event of a breach, it is extremely important that companies act quickly to prevent
damage to systems or loss of information. However, many businesses have an extremely
limited ability to address breaches if they do occur. In order to mitigate risk and create a
more secure IT organization, companies must have systems and personnel in place to stop
breaches, identify advanced persistent threats (APTs), prevent further attacks, and repair
any damage that has been done.
Prepare notifications
In the event of a breach, many parties must be notified. IT management must first be
notified so they can address the breach and ensure that its damage is limited; other
business leaders must be informed so they can determine how the breach will affect their
activities; and where the breach involves a loss of personal information, regulators and the
affected individuals may have to be notified, often within legally mandated timeframes.
Companies should have systems in place to control the prompt and accurate distribution of
these notifications to limit the potential negative impact of the incident. Deciding in advance
who is notified, by whom, and on what timeline avoids improvising those decisions under pressure.
Consider third-party help
Many mid-sized companies struggle to respond to breaches effectively, or even to detect that
they occurred. In 2013, as many as 71% of companies that experienced a breach did not detect
the incident themselves. [6] A lack of large budgets restricts IT’s ability to hire personnel
specialized in responding to cyber-attacks. For this reason, many organizations choose to use a
third-party security service that can help them detect and respond to incidents. These companies
employ highly trained individuals who can quickly put a stop to a breach and can often establish
how the attacker got in and what was affected. This can be an invaluable addition for companies
lacking the budget for a full-time security team; the engagement terms and the access the
provider will need should be agreed before an incident, not negotiated during one.
Have a disaster recovery plan in place
Hackers may destroy systems, take services offline, or cause general havoc with IT systems.
In order to ensure that this does not lead to disastrous losses in productivity or data, it is
important that companies have an effective recovery plan in place. This should include
provisions for data recovery, server redundancy, and forensics to help identify the attackers.
Backups must be kept where an attacker who controls the production systems cannot reach
them (offline or otherwise isolated copies), and restores must be tested regularly; a backup
that has never been restored is not a recovery plan.
5. Deploy your strategy
Once an effective strategy has been developed, the company must take
action to deploy it. This will be an extended process, including the initial
changes and the ongoing maintenance and operations that it requires.
Make a case to business leaders
If the information security strategy was properly developed, it should take into account
the needs of the entire organization, not just the IT department. This should make it
relatively simple to make the case to other business leaders that the provisions required
by the strategy are absolutely necessary. Getting support across the company can help
ensure that the necessary resources can be allocated and that the organization will adhere
to the defined procedures and objectives.
Educate employees
Most corporate security breaches can be traced back to an attacker exploiting an
uninformed employee. That’s why employee education is one of the most important
steps in deploying effective security measures. Everyone in the company must be made
aware of proper protocols and understand the importance of protecting passwords and
other sensitive information.
Evaluate and revise
Security strategies should not be static documents. They must be constantly evaluated
and revised based on their performance. Companies should keep detailed records of the
types and frequency of attacks they experience, how effective their defenses were, where
attacks originated, and other related data to refine their strategies and make them more
efficient.
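The records this step calls for, as an added example that is not part of the WGroup paper: a small incident register and the figures worth reporting from it, namely attack types and their frequency, where attacks originated, how each was detected, and how long it went unnoticed. The two benchmarks the paper cites (breaches undiscovered for months, breaches not detected by the victim) become dwell time and a self-detection rate that a company can compare itself against. The field names, the 30-day threshold, the list of "internal" detection sources and the sample incidents are constructed assumptions.

```python
"""Incident register metrics for the 'evaluate and revise' step.

Added example, not from the WGroup paper. Computes the figures the paper
suggests tracking from a constructed incident register. Field names, the
30-day 'long dwell' threshold and the sample data are assumptions.
"""
from collections import Counter
from datetime import date
from statistics import median

# Detection sources that count as the company finding the breach itself (assumed).
INTERNAL_SOURCES = {"siem alert", "employee report", "it staff", "antivirus"}

# Constructed sample register: one dict per incident.
INCIDENTS = [
    {"id": "INC-001", "type": "phishing", "origin": "external", "detected_by": "employee report",
     "compromised": date(2015, 1, 5), "detected": date(2015, 1, 6)},
    {"id": "INC-002", "type": "malware", "origin": "external", "detected_by": "antivirus",
     "compromised": date(2015, 2, 10), "detected": date(2015, 2, 10)},
    {"id": "INC-003", "type": "credential theft", "origin": "external", "detected_by": "bank",
     "compromised": date(2015, 1, 20), "detected": date(2015, 4, 28)},
    {"id": "INC-004", "type": "phishing", "origin": "external", "detected_by": "law enforcement",
     "compromised": date(2015, 3, 1), "detected": date(2015, 6, 15)},
    {"id": "INC-005", "type": "insider misuse", "origin": "internal", "detected_by": "siem alert",
     "compromised": date(2015, 5, 2), "detected": date(2015, 5, 9)},
    {"id": "INC-006", "type": "web app attack", "origin": "external", "detected_by": "vendor",
     "compromised": date(2015, 4, 1), "detected": date(2015, 4, 20)},
]


def dwell_days(incident):
    """Days between initial compromise and detection."""
    return (incident["detected"] - incident["compromised"]).days


def frequency_by(incidents, field):
    """Count incidents by a field such as 'type' or 'origin', most common first."""
    return Counter(i[field] for i in incidents).most_common()


def detection_summary(incidents, long_dwell_days=30):
    """Self-detection rate, median dwell time and share of long-undetected breaches."""
    dwell = [dwell_days(i) for i in incidents]
    self_detected = sum(i["detected_by"] in INTERNAL_SOURCES for i in incidents)
    return {
        "incidents": len(incidents),
        "self_detected_pct": round(100 * self_detected / len(incidents), 1),
        "median_dwell_days": median(dwell),
        "long_dwell_pct": round(100 * sum(d > long_dwell_days for d in dwell) / len(incidents), 1),
    }


def revision_priorities(incidents, long_dwell_days=30):
    """Attack types that outsiders found first or that went unnoticed too long.

    These are the gaps the next revision of the strategy should address first,
    since the existing defenses demonstrably did not detect them.
    """
    weak = Counter()
    for i in incidents:
        if i["detected_by"] not in INTERNAL_SOURCES or dwell_days(i) > long_dwell_days:
            weak[i["type"]] += 1
    return [attack_type for attack_type, _ in weak.most_common()]


if __name__ == "__main__":
    print("by type:", frequency_by(INCIDENTS, "type"))
    print("by origin:", frequency_by(INCIDENTS, "origin"))
    print("detection:", detection_summary(INCIDENTS))
    print("revise first:", revision_priorities(INCIDENTS))
```

On the sample data, half of the incidents were found by outsiders and a third went unnoticed for more than 30 days, which is the kind of result that should redirect the next budget cycle toward detection rather than more prevention. The register is deliberately minimal; the point is that each incident records when it started, when and by whom it was found, and its type and origin, since none of the paper's suggested metrics can be derived without those fields.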
Summary
Effective security is a critical component of the IT organization at any mid-sized company.
However, taking steps to build robust security into the organization can be challenging
for those on a relatively limited budget. In order to meet these challenges, companies
must implement the right strategies to minimize risk in a cost-effective way.
Key thoughts:
•	 Mid-sized companies face an ever-growing threat of breach.
•	 The cost of ignoring security threats can be devastating.
•	 Many smaller companies struggle to take the steps necessary to
properly protect themselves.
•	 Budget-minded companies must take a thought-out approach to
security that emphasizes key objectives and prioritizes actions that
will be the most effective.
•	 Most security breaches are caused by an employee mistake. Education
and training are critical parts of security.
•	 Any security strategy should be regularly
evaluated to ensure it is cost-effective and
that it addresses the latest threats.
If you would like to learn more
about this and other issues
facing the modern CIO, visit
thinkwgroup.com/insights

References
[1] http://www.informationweek.com/government/cybersecurity/cyber-attackers-target-small-midsized-businesses/d/d-id/1278632
[2] http://www.bloomberg.com/news/articles/2014-06-09/cybercrime-remains-growth-industry-with-445-billion-lost
[3] http://deloitte.wsj.com/cio/2015/05/12/security-expert-marc-goodman-on-cyber-crime/
[4] http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf
[5] http://www.infoworld.com/article/2616316/security/the-5-cyber-attacks-you-re-most-likely-to-face.html
[6] https://www.trustwave.com/Resources/Global-Security-Report-Archive/
Drive Your Business
Founded in 1995, WGroup is a boutique management consulting firm that provides Strategy,
Management and Execution Services to optimize business performance, minimize cost and create
value. Our consultants have years of experience both as industry executives and trusted advisors
to help clients think through complicated and pressing challenges to drive their business forward.
Visit us at www.thinkwgroup.com or give us a call at (610) 854-2700 to learn how we can help you.
150 N Radnor Chester Road
Radnor, PA 19087
610-854-2700
ThinkWGroup.com

Gen AI in Business - Global Trends Report 2024.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 

Failure is not an option

Drive Your Business
Failure Is Not an Option
Protecting a mid-sized company from IT security threats
©2015 WGroup. ThinkWGroup.com

Executive summary

Today, all organizations must contend with the possibility that they could become the targets of a malicious cyber-attack. The threat of breach to mid-sized companies grows with each passing year as more valuable information and mission-critical applications are handled by IT and stored on public-facing servers. Medium-sized businesses struggle to meet the challenges presented by these risks as they may lack the security budget of larger organizations but still be a valuable target for attack. This can put them in a uniquely dangerous position. In order to reduce their risk and contend with the possibility of attack, mid-sized companies must learn to stretch their budget and implement procedures that give them the greatest security benefit-to-cost ratio.

Mid-sized companies are at risk

In order to properly prepare for the possibility of breach, companies must understand the repercussions of a failure to do so. Cybercrime is reaching all-time highs, and many attackers are targeting smaller organizations that may not have the same defensive abilities as larger targets. Attackers can steal sensitive information, cause downtime, and destroy systems. This can lead to losses ranging up into the millions. No company that relies on IT for any mission-critical function can afford to ignore the risk posed by these threats.

Managing risk with a limited budget

Even if an organization recognizes that it must take steps to reduce the risk of a breach, it may not know where to begin. Mid-sized companies must have a structured plan in place to ensure that they are maximizing the effectiveness of their budgets and taking action to protect their assets with the greatest efficiency. These plans should be built using a five-pronged approach:
• Identifying threats
• Identifying security needs
• Updating enterprise-security architecture
• Creating a breach detection and response plan
• Deploying your strategy
What is at stake?

For many businesses, IT security might be relatively low on the priority list. Most organizations are more concerned with growing and deploying their products and services than with protecting their IT infrastructure from malicious attack. This mentality is driven by a belief that most attackers are only interested in high-profile targets and that the company doesn’t actually have anything valuable to steal. There is growing evidence, however, that organizations of practically every size are routinely targeted for attack. The repercussions of those attacks can be great.

Attackers are targeting mid-sized businesses

Today, more mid-sized businesses are being targeted for IT attacks than ever before. Attacks on firms with 2,500 employees or fewer rose 61% in 2013 alone, while attacks on larger firms slightly decreased in the same time period.1 Clearly cybercriminals are singling out smaller businesses, but why?

More businesses use vulnerable technology

One of the likely reasons that attacks on mid-sized companies are increasing is that the use of IT for a wide range of applications and services has grown exponentially. Smaller businesses are using IT services in greater numbers than ever before to store and share data, communicate, automate systems, and perform basic business tasks. Today, practically every company uses IT in some capacity, and its role in the workplace is constantly expanding. This growth increases the range of targets that attackers can exploit. In the past, many mid-sized companies may not have kept sensitive electronic data; now nearly all do. As more new functionality and applications trickle their way down from the largest firms to smaller firms, medium-sized businesses become significant targets of cyberattack.
Cybercrime is growing

Of course cybercriminals aren’t only attacking mid-sized businesses. They also routinely target individuals, government agencies, small businesses, and multinational conglomerates. As annual losses to organizations from computer hacker theft approach $445 billion, cybercrime is increasing by almost any metric.2 Stealing financial information, intellectual property, and other data can be very good business for attackers, and many have joined their ranks seeking profit. The attackers are also becoming more sophisticated. Some security experts estimate that as many as 80% of attackers are affiliated with organized crime.3 Malware and other attack tools are becoming much more readily available. The much publicized shutdown of Darkode, an online marketplace for stolen information and malicious software, showed the extent of the cybercrime industry, and the site will likely be replaced quickly by similar sites. Despite the best efforts of law enforcement worldwide, cybercrime is unlikely to dissipate in the foreseeable future.

Mid-sized companies are easier targets

Perhaps the most important reason why attacks on mid-sized companies are growing is that many remain relatively easy targets compared to larger corporations. Most mid-sized businesses have much smaller InfoSec budgets than large companies. Most do not employ a range of specialized personnel or invest in technology to ensure that their data, applications and systems are protected. This leads to inadequate defenses and can cause serious financial losses. One recent analysis of data breaches found that two-thirds of breaches remain undiscovered for months or more.4 This clearly indicates serious security deficiencies in many companies.
Secure strategy with a limited budget

Mid-sized companies need to do more to protect themselves from IT security threats, but how can they increase the effectiveness of their defense strategies without drastically increasing their budget? Better security begins with effective strategy. Businesses working on a limited budget must put forth extra effort planning for their needs and identifying ways to make their resources do more to protect them.

1. Identify potential threats

Before drafting a comprehensive security strategy for a mid-sized business, it is important to start by identifying potential threats. This helps your company focus on the most likely targets and attack scenarios, giving the greatest possible protection for invested resources. Talking to other enterprises, consultants, the IT department, and outside groups can help provide information about what kinds of threats might affect your company and what can be done to address those risks. Questions to ask include:

What threats affect my sector?

Companies in certain industries are much more likely to be subject to some form of attack than others. For example, those in the financial industry are likely to have customers’ private information or other financial data stolen. Similarly, those developing new intellectual property are likely to have that information targeted. Identifying the most valuable assets of your business can help create a priority list for security measures.
What attacks are most common?

Although ingenious breaches involving multiple stages, password decryption and various attack vectors can happen, the most common forms of attack are much simpler, relying primarily on victim inexperience. Most malware is deliberately installed by unaware users led to believe that it is anti-virus software or a necessary update. Most passwords are collected through simple phishing scams in which users unwittingly give away their information to attackers posing as a trusted authority.5 Understanding what kind of attacks are a threat to your business is a critical first step in identifying ways to make IT more secure.
2. Identify security needs

With information garnered from analyzing potential threats to your business, you can begin formulating a list of necessary requirements to protect against those threats and secure the company. This helps your business further prioritize the agenda and build a roadmap for action. Questions that businesses should ask themselves include:

What is mission-critical?

Some data, services, systems, and applications are more important to your business than others. Losing access to an in-house messaging application may be inconvenient and cause some loss in productivity, but it is not likely to have as much impact as an e-commerce website going down or customers’ private data being stolen. With this in mind, it is critical for the budget-minded organization to treat each item separately, with more effort and resources going to protect those that are most valuable.

What are our compliance needs?

What are corporate policies and goals?

Every business has different risk tolerances and different policies in place to secure information and protect against attack. Any information security plan must be aligned with broader business goals in order to gain support from other areas of the company and to ensure that it is effective.
3. Update enterprise-security architecture

At the foundation of an effective security strategy is solid enterprise-security architecture. It is important to carefully evaluate your architecture and identify ways to make it more robust in order to ensure that the network, servers, applications, and services in your business are safe. Key topics to consider include:

What network-security policies are in place?

Policies form the basis for strong enterprise-security architecture. They give guidance to employees and form a roadmap for building and maintaining systems. For these reasons, it is absolutely critical that policies be comprehensive, modern, and effective in the real world.

Is the network built securely?

Organizations must analyze their network topology, their use of wireless APs, and other foundational building blocks of the network and identify areas in which it could be made more secure. For example, companies need to build in separations by creating trusted areas, semi-trusted areas, and untrusted areas. By strictly regulating the connections between these zones and grouping devices into related groups, you can better enforce security policy and prevent unauthorized access to data.

What role do third parties play?

Third-party vendors are a greater part of IT than ever before. With the range of cloud-based services available, many companies use outside solutions for storage, computing, infrastructure, disaster recovery, and a wide selection of other activities traditionally performed in-house. This can greatly complicate the security architecture of a company. Integrations and access between the vendor and the core network must be made secure, and IT must make sure that the vendor’s own security practices are aligned with business security needs.
4. Create a breach detection and response plan

In the event of a breach, it is extremely important that companies act quickly to prevent damage to systems or loss of information. However, many businesses have an extremely limited ability to address breaches if they do occur. In order to mitigate risk and create a more secure IT organization, companies must have systems and personnel in place to stop breaches, identify APTs, prevent further attacks, and repair any damage that has been done.

Prepare notifications

In the event of a breach, many parties must be notified. IT management must first be notified so they can address the breach and ensure that its damage is limited, other business leaders must be informed so they can determine how the breach will affect their activities, and the public may have to be informed if the breach involves a loss of personal information. Companies should have systems in place to control the prompt and accurate distribution of these notifications to limit the potential negative impact of the incident.

Consider third-party help

Many mid-sized companies struggle to respond to breaches effectively, or even detect that they occurred. In 2013, as many as 71% of companies that experienced a breach did not detect the incident themselves.6 A lack of large budgets restricts IT’s ability to hire personnel specialized in responding to cyber-attacks. For this reason, many organizations choose to use a third-party security service that can help them detect and respond to incidents. These companies employ highly trained individuals who can quickly put a stop to a breach and often identify the attackers. This can be an invaluable addition for companies lacking the budget for a full-time security team.

Have a disaster recovery plan in place

Hackers may destroy systems, take services offline, or cause general havoc with IT systems. In order to ensure that this does not lead to disastrous losses in productivity or data, it is important that companies have an effective recovery plan in place. This should include provisions for data recovery, server redundancy, and forensics to help identify the attackers.
5. Deploy your strategy

Once an effective strategy has been developed, the company must take action to deploy it. This will be an extended process, including the initial changes and the ongoing maintenance and operations that it requires.

Make a case to business leaders

If the information security strategy was properly developed, it should take into account the needs of the entire organization, not just the IT department. This should make it relatively simple to make the case to other business leaders that the provisions required by the strategy are absolutely necessary. Getting support across the company can help ensure that the necessary resources can be allocated and that the organization will adhere to the defined procedures and objectives.

Educate employees

Most corporate security breaches can be traced back to an attacker exploiting an uninformed employee. That’s why employee education is one of the most important steps in deploying effective security measures. Everyone in the company must be made aware of proper protocols and understand the importance of protecting passwords and other sensitive information.

Evaluate and revise

Security strategies should not be static documents. They must be constantly evaluated and revised based on their performance. Companies should keep detailed records of the types and frequency of attacks they experience, how effective their defenses were, where attacks originated, and other related data to refine their strategies and make them more efficient.
Summary

Effective security is a critical component of the IT organization at any mid-sized company. However, taking steps to build robust security into the organization can be challenging for those on a relatively limited budget. In order to meet these challenges, companies must implement the right strategies to minimize risk in a cost-effective way.

Key thoughts:
• Mid-sized companies face an ever-growing threat of breach.
• The cost of ignoring security threats can be devastating.
• Many smaller companies struggle to take the steps necessary to properly protect themselves.
• Budget-minded companies must take a thought-out approach to security that emphasizes key objectives and prioritizes actions that will be the most effective.
• Most security breaches are caused by an employee mistake. Education and training are critical parts of security.
• Any security strategy should be regularly evaluated to ensure it is cost-effective and that it addresses the latest threats.

If you would like to learn more about this and other issues facing the modern CIO, visit thinkwgroup.com/insights
References

[1] http://www.informationweek.com/government/cybersecurity/cyber-attackers-target-small-midsized-businesses/d/d-id/1278632
[2] http://www.bloomberg.com/news/articles/2014-06-09/cybercrime-remains-growth-industry-with-445-billion-lost
[3] http://deloitte.wsj.com/cio/2015/05/12/security-expert-marc-goodman-on-cyber-crime/
[4] http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf
[5] http://www.infoworld.com/article/2616316/security/the-5-cyber-attacks-you-re-most-likely-to-face.html
[6] https://www.trustwave.com/Resources/Global-Security-Report-Archive/
Drive Your Business

Founded in 1995, WGroup is a boutique management consulting firm that provides Strategy, Management and Execution Services to optimize business performance, minimize cost and create value. Our consultants have years of experience both as industry executives and trusted advisors to help clients think through complicated and pressing challenges to drive their business forward. Visit us at www.thinkwgroup.com or give us a call at (610) 854-2700 to learn how we can help you.

150 N Radnor Chester Road, Radnor, PA 19087
610-854-2700
ThinkWGroup.com