After the ransomware attacks on Antwerp and Diest, many will be asking: "Can this happen to us?" Here are three major red flags. If you recognize them in your own organization, you may well be in trouble.
🚩 Inadequate security metrics
Reading a blog post to find out the answer to "Can this happen to us?" is itself a major red flag. Your InfoSec department should gather and publish easily accessible metrics and reports on how effectively the InfoSec program keeps the organization safe: things like patch latency, MFA coverage, phishing simulation results and whether backups have actually been restored in a test. Those numbers should give you the confidence you are looking for, not a random post on the internet. But do read on for the other red flags.
🚩 Employee resentment towards InfoSec
Do your employees regard the InfoSec department as a nuisance that stops them from doing their job properly? Do they often complain about it? That is another major red flag, because unhappy employees will ignore, circumvent or even sabotage InfoSec policies. Most successful attacks start with a human action, such as a phished credential or an approved MFA prompt, rather than with a software vulnerability alone, and an InfoSec department that has earned the trust of employees is key to preventing many of those attacks.
🚩 Insufficient InfoSec budget
How much do you spend on information security? If the answer is "I don't know, it's included in the IT budget" or "Our IT provider handles that", that is a major red flag: nobody owns the number, so nobody can tell whether it is enough. The right amount depends on your organization, but a rule of thumb is 15% of the total IT budget. For every 100k you invest in IT, including application development, roughly 15k should go to securing it.
Those are our three major red flags, and the first one already applies to you, since you came here looking for the answer. Time for action! And don't skimp on your InfoSec budget for 2023 😉