How Much Should I Expect to Spend on Web Security?
- Author Rob Mcadam
- Published January 14, 2010
- Word count 661
When addressing the issue of web security, there are two ways to phrase the question of what to spend on IT security. The first question is: How much should I expect to spend on web security? The second question is: How much will it cost the company if I don’t spend enough on web security? Of course, a business needs not only to spend money on system security but to spend it on effective security systems and reviews.
In today’s economic climate the issues of security have come to the forefront as web site hackers and computer system attacks grow globally. When looking at the issue of systems and software security, you must consider potential company losses due to online theft, the return on investment for having adequate security, and the need to stay ahead of the brilliant hackers able to manoeuvre their way through even the most sophisticated multi-leveled software systems.
In March 2009 a hacking group proved that hackers can reach into a customer database without a company even knowing. A UK newspaper, "The Telegraph", was compromised by a hacking group, and the newspaper found out when the nameless group posted screenshots and other information on the internet, gleaned from their hacking of a 700,000 customer base, as proof of their success.
Upon reading the story more closely, it seems The Telegraph was using two-year-old third-party code that was simply outdated in the world of sophisticated hackers. When hackers obtain access to customer credit card data, personal information, or government identification numbers, it won’t take long before a company finds itself losing business because the targeted market is unwilling to take a chance on accessing its website.
Cost of Doing Nothing
There is a cost to doing nothing when it comes to securing a website. The research shows that up to 10 percent of a company’s IT budget may be dedicated to hardware and software security. In most cases it is probably closer to 3 to 6 percent of the budget. Smaller businesses tend to spend smaller percentages of their IT budget on security because of lack of resources more than anything else.
But the fact is hackers can ruin a small business as well as a large business. Deciding what to spend on a web security system is dependent on a number of factors. One of the overriding factors is the type of business itself. For example, a bank or investment business will need state-of-the-art server, router, and operating system securities in place in addition to regular security assessment and penetration testing.
Even as you read this article, hackers are devising new ways to penetrate firewalls and break into websites in order to steal information. Your business should be working just as hard to protect the system as hackers are working to break into it. Implementing a security system without regular assessment and upgrades is the same as doing nothing. That is what The Telegraph newspaper discovered with their two-year-old system.
Mitigating Risk
Mitigating risk is certainly one of the main reasons for security assessment. The underlying infrastructure and code, employee access capabilities, and customer use of systems must be reviewed regularly for new vulnerabilities. The most common vulnerabilities include SQL injection, URL manipulation, cross-site scripting, cookie poisoning and the database server.
Other factors determining how much should be spent on IT security include the following.
- Government regulatory compliance
- Sophistication of system including use of wireless networks, remote access to computer system, dependence
- Need to assure customers system meets industry security standards and best practices
- Rate of past incidences of security breaches
- Size of the potential losses in the event a computer system is attacked
The one thing a company cannot afford to do is to do nothing. Computer data and system protection costs should be budgeted at a rate that gives a company the assurance it can provide customers safe access to its websites and no access to hackers.
Pure Hacking helps protect your Internet security by providing world-class penetration testing and ethical hacking risk management services. For a free consultation, please visit Ethical Hacking.
Article source: https://articlebiz.com