The high cost of security breaches ($150 per record, according to the latest Ponemon Institute study) is matched by the high cost of defending against them. It’s important for companies to make wise investments in their information security to get protection without wasting money. Fortunately, Ponemon also highlighted some of the technologies that offer the most cost-effective security protection.

Their top five technologies include:

• Security intelligence and threat sharing.
• Automation, AI, and machine learning.
• Advanced identity and access management.
• Cyber and user behavior analytics.
• Cryptography technologies.

Other important technologies on their list include enterprise governance, risk, and compliance; automated policy management, and data loss prevention. Notably, advanced perimeter controls are widely used but don’t offer financial benefits, unlike the other mentioned technologies.

Another observation is that many of these approaches leverage new, advanced technologies. Businesses shouldn’t get distracted by “shiny new toys”; any investments in technologies you aren’t already using should be part of a well-constructed information security strategy.

It’s also important to focus on process as much as technology when developing your approach to IT security. There’s nothing advanced tech about patch management, but implementing a reliable process that applies patches to all your systems in a timely fashion can go a long way to increase your overall level of security. And because the weakest point in your security is likely to be your employees, ongoing, repeated training to help them avoid falling for phishing and other social engineering methods is a critical means of protecting your business. Similarly, businesses need to have policies and training regarding the risks of shadow IT, especially cloud file-sharing services, along with tools to detect and limit that shadow usage.

Endpoint controls are also increasingly important today, because the endpoints connecting to your network aren’t just the servers and desktops managed by your IT team; they also include mobile devices and internet of things devices that may be connected to your network without your knowledge. All of these devices create increased risk for the business while presenting a difficult environment in which to ensure secure access.

Despite all these controls, even the best-protected organization remains vulnerable to a single hacker who gets lucky. It’s therefore important to have a robust incident response plan to ensure you react effectively to any breach.

Prescient Solutions develops comprehensive cybersecurity strategies for businesses in the Chicago and Schaumburg areas. Our certified experts bring in-depth knowledge and experience and craft custom solutions to match business’s security risk tolerance and budget. Contact us to learn more about choosing cost-effective defensive technologies that will protect your business.