According to research by the Telecommunications Industry Association, US spending on cybersecurity will increase from a reported $40 billion in 2013 to more than $60 billion in 2017. In contrast, the number of reported breaches has increased from 61,200 in 2013 to 77,200 in 2015 according to a Government Accounting Office analysis, although experts say the number of US breaches is more likely in the millions.
One would typically think that with such a massive increase in cybersecurity protection spending, the number of security breaches would decrease. Instead, the number of breaches continues to grow. According to Scott Alldridge, CEO of the IT Process Institute, this is in part because organizations are not following the security best practices made available to them by firms such as the National Institute of Standards and Technology (NIST) and the Health Information Trust Alliance (HITRUST).
Alldridge explains that organizations often do not move from a well-known, secure configuration to another well-known, secure configuration when making network changes. Cybersecurity is constantly changing, and organizations are feeling pressure to implement new security features ever more quickly. Alldridge believes that “the integrity of the configuration must be maintained throughout the change process.”
Alldridge also pointed out that many organizations are so focused on implementing point-based technology solutions that they overlook following best practices. “By following best practices, particularly these core control processes, you will have a much higher availability rate and fewer breaches,” he explained.