As a company with a reputation for building mission-critical IT systems for the defence and aerospace industries, Thales has an understandable interest in IT security spending.
Which is why I was surprised to find myself reading a report (http://www.thalescyberassurance.com/white-papers.htm) commissioned by the company which suggested businesses may be spending too much on IT security by over-protecting non-sensitive data.
Depending upon your company's appetite for risk" she explains "no data is ever considered as non-sensitive.
Ross Parsell, director of cyber strategy at Thales UK, warns that, while the volume and scale of cyber-attacks show no signs of slowing down, there is a danger that resources are sometimes assigned to areas that do not need them.
This idea that IT departments might be spending too much on the wrong things got me thinking: could the average enterprise do better, and be more secure, while spending less?
Paying out
A great deal of the overspend argument depends on what organisations class as 'non-sensitive data', explains Logica's business consulting cyber security lead, Cheryl Martin.
"[In certain companies] No data is ever considered non-sensitive," says Martin. "Cyber criminals earn their keep from obtaining and reselling the most innocuous piece of information which, with careful company grooming, could be used to pull together an in-depth view of the targeted organisation and individuals".
-
Using WinRAR? Update now to avoid falling victim to this file path flawNews WinRAR users have been urged to update after a patch was issued for a serious vulnerability.
-
Amazon CEO Andy Jassy doubles down on the company's AI focusNews Amazon CEO Andy Jassy thinks companies need to "lean into" AI and embrace the technology despite concerns over job losses.
-
Scania admits leak of data after extortion attemptNews Hacker stole 34,000 files from a third-party managed website, trucking company says
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
