Cybercriminals are finding it easier to move downstream and target small to medium businesses... Regardless of whether you are... [smaller] ...you face the same problems as a global enterprise when a breach occurs: potential fines, bad press, class-action lawsuits and customer attrition.

I have noticed recently that the effects of PCI-DSS are extending out of retail and into healthcare and other verticals. HIPAA is extending into law firms and other organizations that somehow support healthcare rather than actually being healthcare.
So yes, the NEED to provide security and proof-of-security (audit) seems to be GROWING as BUDGETS to address the needs are SHRINKING.
NEED - GROWING
BUDGET - SHRINKING
...not an ideal scenario. So, what do you do?
Page 2 has the tips on how to maximize the budget. Basically, you need to look at efficiency, automation, and finding the right fit (rather than blowing the budget on something that attempts to cover everything). Think Operationalizing Security.
One thing I took away from SC World Congress was the fact that smart people are still recommending an approach that includes business alignment and risk analysis rather than a shotgun approach. Be a surgeon. Figure out your risks and find the right way to address them while balancing cost, approach, efficiency, etc. Don't just keep boarding up all the windows.