



Positive signs for the future of cybersecurity

May 27, 2015

For all the infosec hurdles to overcome, we can build a bright future if the enterprise can pull together.

We often talk about the enormous challenges facing IT departments around the world. The consumerization of IT, driven by the BYOD trend and coupled with mobility, has given birth to a wide range of serious security threats. As the enterprise increasingly relies on the cloud to provide software, infrastructure, and platforms as services, safeguarding valuable company data is an entirely different prospect than it was even just a decade ago.

But for all the hurdles to overcome, there is mounting evidence that businesses no longer have their heads buried in the sand — or stuck in the cloud! There’s a growing realization that cybersecurity requires budgetary commitment, sincere collaboration, and a solid stratagem. If the enterprise can pull together, with government backing and the right expertise, we can build a bright future that’s secure from cybercriminals.

Money, money, money

We’re not going to solve the problem by throwing money at it, but it certainly helps, and it’s also indicative of a deeper understanding of the underlying threats and potential costs of a data breach.

The Ponemon Institute found the average cost of a data breach in 2014 was $3.5 million, a 15% increase from 2013. The enterprise is starting to realize that it’s an awful lot cheaper to provide a proper budget for security now than it is to pay through the nose later.

Companies are growing more aware of threats, and this is leading to a greater allocation of resources. Gartner estimated that worldwide information security spending rose 7.9% last year, reaching a total of $71 billion, and it’s set to grow another 8.2% this year to hit $77 billion.

According to the 2015 Piper Jaffray CIO Survey, security is the top spending priority for CIOs in 2015, just as it was in 2014. An impressive 75% of respondents expect to increase security spending this year, and that comes on top of an average 2% growth in annual IT budgets.

Government backing

The U.S. Government is also weighing in. President Obama identified cybersecurity as a priority in his budget and asked for $14 billion to boost defenses for 2016. That’s an increase of $1.5 billion compared to this year, and it includes funds for a Civilian Cyber Campus intended to bring agencies together to focus on cybersecurity issues. That spirit of collaboration extends to the private sector.

The White House summary stated, “Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity.”

With greater pooling of resources and sharing of knowledge, threat identification and neutralization will become easier and more efficient. There’s strength in numbers. 

Proper planning and education

You need resources to build security, but budgets must also be allocated wisely. When we looked at what the military can teach us about cybersecurity, we identified the need for proper planning and a system to enforce policy rules. Buying an expensive piece of security software or employing consultants to provide a snapshot of your security health is not going to be enough. You need an ongoing plan and expertise.

Thankfully, more and more knowledge is starting to filter through into the private sector, as experts from the military, the FBI, the NSA, and the Department of Homeland Security move into business and share their insight and best practices.

More businesses are starting to understand the value in educating their own workforces on security. Establishing programs to ensure that staff are aware of vulnerabilities and the potential for cyberattacks is important. Companies can leverage much greater value from existing security systems and policies by teaching staff good habits, and it’s also important that they understand the potential impact of a breach.

Rowing together

Looking beyond cybercriminals to the threat of nation-sponsored attacks, it makes sense for all of us to pull together. If the government and the private sector truly collaborate, we will see a decline in the threat level. The first stage was to recognize the level of the problem, and the scale of recent breaches has opened a lot of eyes. Now it’s time to work with each other to build ourselves a secure future. In tech we trust!

The opinions expressed in this blog are those of Michelle Drolet and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.


Michelle Drolet is a seasoned security expert with 26 years of experience providing organizations with IT security technology services. Prior to founding Towerwall (formerly Conqwest) in 1993, she founded CDG Technologies, growing the IT consulting business from two to 17 employees in its first year. She then sold it to a public company and remained on board. Discouraged by the direction the parent company was taking, she decided to buy back her company. She re-launched the Framingham-based company as Towerwall. Her clients include Biogen Idec, Middlesex Savings Bank, PerkinElmer, Raytheon, Smith & Wesson, Covenant Healthcare and many mid-size organizations.

A community activist, she has received citations from State Senators Karen Spilka and David Magnani for her community service. Twice she has received a Cyber Citizenship award for community support and participation. She's also involved with the School-to-Career program, an intern and externship program, the Women’s Independent Network, Young Women and Minorities in Science and Technology, and Athena, a girl’s mentorship program.

Michelle is the founder of the Information Security Summit at Mass Bay Community College. Her numerous articles have appeared in Network World, Cloud Computing, Worcester Business Journal, SC Magazine, InfoSecurity, Web Security Journal and others.
