Sister CISA CISSP

Mar 17 2010   8:26PM GMT

What Constitutes “A Lot of Money?”

Arian Eigen Heald

There’s always a lot of discussion on the Internet about how much “security” (by which they usually mean IT security) costs, and whether it’s a good ROI. (Return on Investment – another candidate for Acronym dismemberment.)

There are a lot of factors to consider, but for small to medium-sized businesses or non-profits, here are some important questions:

What is the financial risk to your company?
Lawsuits
Regulatory fines
Repairs to systems
Reputation – loss of business due to public awareness of your company’s perceived “flaw”
Direct cost of theft

I started thinking about this from a small/medium sized company’s perspective, after reading a commentary in a SANS NewsBite. The commentary (Yes! I’m now commenting on a commentary about a commentary on news. Does this mean I can now be a Certified Commentarian?)

The news commentary (alright, I’ll stop now) article referenced statistics from the FDIC that were provided at the recent RSA conference, most notably:

…small businesses and nonprofits have suffered some relatively large losses — $25 million in the 3rd quarter of 2009. Hackers target small businesses where the security controls are weak.

It’s an interesting article, and it summarizes the ACH and wire fraud thefts via Banking Trojans that I’ve talked about previously. The commentary went on to say that in the larger scheme of things, $25 million is a relatively small amount.

My first response was, “Not to me!” Then I began to wonder, how much money could a small/medium company lose and still stay afloat? It’s a question worth asking when costs for IT Security are raised.
