Share this
How to survive below the cybersecurity poverty line
by DNSFilter Team on Jan 30, 2023 12:00:00 AM
The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy Nather in 2011, and the concept is just as relevant today as it was then (if not more so). It has widely become the benchmark for acceptable cybersecurity, often associated with factors such as company size, sector and disposable income, but also know-how and appetite for recognizing and addressing security inadequacies.
Generally (but not always), those “above” the security poverty line are larger, private-sector businesses with the money, talent pool, and durability required to meet basic but highly important cybersecurity standards. Below it are typically small, young businesses or those that operate in cash- and resource-strapped sectors (though this is not a universal fact).
Being below the security poverty line is unenviable for any organization, because it not only means they are likely to either lack the assets to keep data effectively secure or do not have the ability or inclination to do so, but they can also be prime targets for attackers and cybercriminals. “I see the cybersecurity poverty line as a mechanism for a reality check in all our industry conversations,” Fernando Montenegro, senior principal analyst at Omdia, tells CSO. “From practitioners to vendors, service providers, investors, analysts – all of us need to keep in mind that many organizations have, for a variety of reasons, limitations on how they do cybersecurity. This has profound downstream effects on everything from public policy to contract terms, hiring, and more.”
Who’s below the cybersecurity poverty line?
All types of businesses and sectors can fall below the cybersecurity poverty line for different reasons, but generally, healthcare, start-ups, small- and medium-size enterprises (SMEs), education, local governments, and industrial companies all tend to struggle the most with cybersecurity poverty, says Alex Applegate, senior threat researcher at DNSFilter. “Typically, each of them has very limited budgets, besides additional factors that affect each in different ways.” These include wide, cumbersome, and outdated networks in healthcare, small IT departments and immature IT processes in smaller companies/start-ups, vast network requirements in educational institutions, statutory obligations and limitations on budget use in local governments, and custom software built around specific functionality and configurations in industrial businesses, he adds. Critical National Infrastructure (CNI) firms and charities also commonly find themselves below the cybersecurity poverty line, for similar reasons.
Share this
Better, more robust cybersecurity is not a new need for today's digital organizations; it's a perennial one. What's new are the particular challenges these organizations face due to the advent of AI technologies and hybrid work models, among other changes. Such realities call for not just new tools but new ways of thinking. Securing modern businesses is a matter of staying updated on the latest threats, updating tools and looking at security from...
Fostering Channel Partner Growth Through Major Initiatives
Richie Wade, Manager of Sales Engineering at DNSFilter, discusses how AI-powered DNS security is evolving to combat the rising tide of cyber threats, offering MSPs enhanced protection and seamless PSA integrations with Uncle Marv, host of the IT Business Podcast.