Which companies will be successful in building cybersecurity as a system? Does this effectiveness in information security issues depend on the size of the company, its profitability, the direction of business or other parameters?
I will answer this way: works great in organizations where owners and managers have decided to take this issue seriously. It does not depend on the scale of the business or the industry, we have seen this many times from the experience of our customers. On the one hand, there is an IT service provider with an annual turnover of a couple of billion rubles. Its information security is at such a level that not even a fly can get through. And on the other hand, there is a giant organization, practically a monopolist in its market, where we spent literally 15 minutes penetrating the perimeter as part of an agreed pentest.
It’s just that in the first case, the owners bahamas mobile database information security as one of the highest priorities, while in the second, cybersecurity was not given due attention – even after several successful hacker attacks.
How much does it cost to set up a proper cyber risk assessment and response system? Can all organizations afford it?
It is impossible to name the amount of the "average check" for at least two reasons. First, each organization has its own range of threats. Accordingly, its own set of protection tools. Second, much depends on budgets. And on the real (or imaginary) need to buy solutions from a specific vendor.
In our country, the information security market is mature and dynamic, so there are several developments for each task. There is plenty to choose from. Perhaps only enterprises that are subjects of critical information infrastructure have some restrictions. They are not allowed to use open source by law. For others, there is no such restriction. The choice of a set of solutions is largely a matter of budget and preferences of decision makers.
Organizations that are not included in the list of critical information infrastructure entities are not limited in any way. And they are in the best position. It is in their environment that the best examples of practical security are formed, when average organizations take not those solutions that must be installed by law, but those solutions that will best solve specific problems. And the appropriate solutions are not necessarily the most expensive. This is extremely interesting to observe.