2014 was a year riddled with data breaches and cyber attacks that left consumers, retailers and financial institutions crippled. But 2015 is seeing a new trend – increased cybersecurity spending. The frequency and severity of these breaches has motivated executives to find a way to combat these cyber criminals and that means getting creative – and opening up the corporate wallet.
According to the Wall Street Journal, 67 of 100 executives from the technology industry say that they have already increased security spending in the past 12 months. And in the wake of the breaches, Chief Security Officers are now capable of not only demanding higher salaries but higher security budgets as well. In August, Gartner Inc. projected that worldwide information security spending would grow by 8.2% in 2015 to reach $76.9 billion. The increase in security budgets as well as information security products and services has made data security a priority for more and more members of C-suites and Boards of Directors.
There are several different ways that companies are approaching securing their data. Many have implemented new software security tools, others have revamped their response plan in the case of a data breach, external security consultants are in high demand, and many companies have even created the position of Chief Security Officer. The direction that the fight against data breaches will head is still unclear but there is one sure fact: in order to make any headway against the cyber criminals who seek to extract and profit off of your data, you must have a plan.
When it comes to spending the growing information security budget, we see two general approaches that companies take: Defend the Fort or Devalue the Data.
- The Defend the Fort approach requires companies to build stronger security around their systems and data. The general idea is to prevent the data from being taken in the first place with firewalls, 24/7 monitoring, intrusion detection and constant patch detection. This approach is a costly and time consuming method for protecting sensitive data.
- With the Devalue the Data approach, companies use technology that devalues their data before it reaches a point where it can be compromised rendering any breached and stolen data valueless in the hands of the cyber crooks. The Devalue the Data approach allows information security budgets to stretch farther while providing a complete data security solution.
Bluefin is a security pioneer in payment protection – one year ago today, on March 18th 2014, Bluefin became the first company in North America to receive PCI validation for a point-to-point encryption (P2PE) solution. Today, we offer P2PE for mobile payments through our QuickSwipe mobile platform and retail payments through our PayConex P2PE Enhanced Gateway and through Decryptx. P2PE adopts the Devalue the Data approach by encrypting all cardholder data within a PCI P2PE-approved device and only decrypting the data off-site in hardware, away from the merchant’s network – so that no clear-text is available in the point of sale system.
You can read more on the differences between defending and devaluing sensitive data from the perspective of Ruston Miles, Bluefin’s chief Innovation Officer and an expert on the subject of securing data, in the March Merchant Advisory Group newsletter.