Over the weekend, a friend of mine asked me this question over dinner. Since I belong to the security field, it was kind of a way to mock me. Do we keep a security guard in our companies? Do we lose or gain business by keeping one? Why should we invest in a firewall, then? Isn't a firewall similar to a security guard? Others joined in the chorus. They too started asking: will my data ever be attacked or hacked? Why would anyone be interested in my data? What will I lose if my data is breached? Is the investment in a firewall worth it?
Though there was a certain arrogance, the anxiety about data security was quite evident.
Interestingly, everyone equated a firewall with a security guard, and hence the understanding of data security was missing. For them, investing in a security guard in an office for fear that someday someone will attack was a wasteful expenditure. Wouldn't the guard sit idle most of the time, eventually being used for other office work rather than for protection? Similarly, will a firewall help them increase their business? If not, why should they invest in one?
Though these thoughts are reasonable, they lead to security being pushed back in priority. Anything that will bring more business and revenue to an organisation will always have the highest priority.
But aren't we wrong in equating a firewall with a security guard? A security guard is expected to protect your infrastructure but is never relied upon to protect your key assets. You may not invest in a security guard, but you always spend money to buy the best safe to protect your jewelry, documents or even cash, and you do not think twice about investing in it. If a firewall is looked at as only securing your infrastructure, it loses its purpose. Next-generation firewalls have to be used to protect your data, which is far more critical to your organization than just protecting your infrastructure.
According to a recent report, Indian companies have lost more than 12 crores in data breaches. This figure has doubled in the last five years. Many breaches go unreported, so the figure could be much higher. Unfortunately, in India there is no norm to disclose data breaches, but that is about to change with the Data Privacy bill, 2018. For the first time, there is a heavy penalty for data breaches. Today's businesses are driven through the internet, and organisations are connected to their customers, suppliers and service providers, enhancing the customer experience. But these connections leave enterprises vulnerable. Small to medium enterprises are more vulnerable to inside attacks. According to a report, companies with fewer than 150 employees account for 82% of internal breach cases. Smaller organisations with a tight-knit workforce place more trust in their employees and hence are more vulnerable to data loss.
Large enterprises like to work with companies that can demonstrate that they have good data protection systems in place. The cost of a data breach would be much higher for a larger enterprise, not only in terms of loss of reputation, but also financially in terms of fines and business loss. No organization would like to work with companies where security is not given priority. Such companies could become a potential point of attack for them. A good security system and a firewall not only protect your key assets, but also build confidence in your customers, which ultimately leads to more business and an increase in revenue.