What Needs to be Done
Both the business world and government have a lot to work to do when it comes to preparing for and preventing a cyberattack using your network infrastructure as a weapon. Sure, many businesses and government entities are now paying attention to the threats to their networks, but the money is not being spent on the security solutions.
Perry again says, "When you work out the percentage of corporate budgets spent on IT security, it's less than 1%. Most organizations spend more on coffee than IT security." By Perry's estimation, companies should be spending at least 100 times more on security measures.
And here's the payoff.
The money that should be spent by public and private organizations on security measures should not just go to technology solutions but toward hiring smarter, security-savvy people who actually manage the various networks and the managers who oversee the different departmentsincluding human resources. A blistering accusation from Alan Paller, director of research at the SANS Institute, drives home the fact that over the last two years, the number of computers added to the Internet has more than doubled from 71 million to more than 146 million, yet, there have only been "about 25,000 people who can even spell 'security'" that have been added in those two years. Paller also says, "We need to up the security skills of these network engineers. And that's not going to happen overnight."
Your organization can start by closing the Twenty Most Critical Internet Security Vulnerabilities listed by the SANS Institute and the FBI.