Cybersecurity 2020 – Budgeting

Cybersecurity Budgeting

What Should We Budget Per Employee For Cybersecurity:

In May of 2019, Deloitte published the results of a survey and found that surveyed financial institutions are spending between $1,300 and $3,000 per employee on an annual basis. These institutions included banks, insurers, investment management firms, and other financial services. The report also highlighted that the per employee cost represented 6-14 percent, averaging 10 percent, of those companies’ information technology budgets for cybersecurity.

Cybersecurity Spending

Whether or not you are in the financial industry, cybersecurity is a key component of your company’s information assets’ safety. QOS Consulting can identify and outline what your company should be allocating per employee for your annual cybersecurity budget. Stop guessing and make an informed decision: QOS Consulting can schedule an audit of your organization’s cybersecurity budget.

Cybersecurity 2020 – Threat Vectors

The corporate organization’s network defenses must be highly adaptive to combat the threats of 2020 and beyond. Early identification and rapid containment have always been and will continue to be the key to combat. New artificial intelligence products will be needed.

Lockheed Martin pioneered the concept of the “cyber kill chain”. The cyber kill chain describes up to seven sequential stages of a targeted cyber attack: Reconnaissance, Weaponization, Delivery, Exploit, Installation, Command and control, and Action.

While possible attack vectors are endless, the main attack vectors are:

  • Advanced Persistent Threats
  • Phishing
  • Trojans
  • Botnets
  • Ransomware
  • Distributed Denial of Service (DDoS)
  • Wiper Attacks
  • Intellectual Property Theft
  • Theft of Money
  • Data Manipulation
  • Data Destruction
  • Spyware/Malware
  • Man in the Middle (MITM)
  • Drive-By Downloads
  • Malvertising
  • Rogue Software
  • Unpatched Software

QOS Consulting has strategies in place to combat all of the above attack vectors. Unpatched software, seemingly the simplest vulnerability, can still lead to the largest leaks. Stop wondering how protected you are and what vectors you have not accounted for. QOS Consulting can schedule a vector audit for your organization today!

Cybersecurity 2020 – Intro 101

What does your cybersecurity road map look like for 2020? Many organizations are scrambling to identify what methods, processes, solutions, software and services need to be in place to safeguard company information assets.

QOS Consulting can conduct a cybersecurity audit on your organization to identify the areas we see as needing improvement. Our team of experts can aid in the development of an ongoing cybersecurity strategy, perform rapid response execution, manage remediation, and can even provide placement of part-time or full-time compliance officers.

What is Cybersecurity:

Cybersecurity is a set of techniques or practices that are implemented to protect a company’s information assets, networks, and systems.

The Cloud Controls Matrix by Cloud Security Alliance outlines the following areas that your organization should focus on for its cybersecurity policies:

  • Audit Assurance & Compliance
  • Business Continuity Management & Operational Resilience
  • Change Control & Configuration Management
  • Data Security & Information Life Cycle Management
  • Data Center Security
  • Encryption & Key Management
  • Governance and Risk Management
  • Human Resources
  • Identity & Access Management
  • Infrastructure & Virtualization Security
  • Interoperability & Portability
  • Mobile Security
  • Security Incident Management, E-Discovery, & Cloud Forensics
  • Supply Chain Management, Transparency, and Accountability
  • Threat and Vulnerability Management

QOS Consulting has developed and identified protection plans for all the areas listed above. Through the many years of experience our staff has under its belt, we always do our very best to ensure your assets, networks and systems are secure.


Why Keep A Data Center in 2020?


Many companies are asking why they should keep their data centers in 2020 since the move to cloud-based or service-based offerings. While Amazon’s AWS Cloud, Microsoft’s Azure Cloud and Google’s Cloud Platform have brought us many things, account management, accountability and support don’t make the list.

Here are our top reasons to keep a data center in 2020:

Ask anyone in business about control and suddenly the term control loses its negativity, doesn’t it? Businesses want control over their expenses, control over the sales process, and control over who owns shares of the company, just to name a few. Take control of the choices you are making and don’t settle for what others are doing or what the big mega companies are telling you. Have standards and convictions.

Who Is Driving The Boat | The Faceless Organization?

When we are not in control of things, we entrust someone else to drive that boat. Entrusting others is a very good thing (some call it delegating), but in the business world that trust is usually given only once it has been established and a track record has been proven. QOS Consulting, Inc. in Hoffman Estates, Illinois, like other consulting firms and Managed Service Providers, develops solid working relationships with our clients. The relationships start off with small things and work up to larger responsibilities over time. Relationships and trust are not something that is freely given or earned overnight. They are developed over time.

Here is a great example, in my opinion, that many CFOs should be able to relate to. I handle all my retirement planning with one person that is with a company that has been in business for years. I like my financial retirement planner because he calls me often about suggestions, emails me often about how my funds are doing, and takes me to lunch every year to thank me for my business. I feel like my funds are in good hands because of the relationship we have built over the years. In the beginning, I didn’t just move all my retirement funds over to him. I made him earn it. I made him show me that he wanted to develop a relationship with me and would safeguard my retirement assets.

Since Amazon’s AWS Cloud, Microsoft’s Azure Cloud and Google’s Cloud Platform are geared towards self-service (do it yourself), you now are putting your trust into a faceless organization. One whose primary focus is profitability, not developing relationships or earning your business. Don’t you want to put a face to those you entrust with the systems that enable your business operations and drive sales? Technology is a great tool, but when it fails, all you can do then is look towards yourself and the self-service options you elected.

Make the right choice and choose a technology partner like QOS Consulting, Inc. who has experience as a Managed Service Provider and Data Center Provider. QOS Consulting, Inc. cares about the relationships we cultivate and we can always meet you face to face.

Accountability and Ownership | What About The Service Level Agreement?

When problems occur, and they will, large organizations have large problems. Theft of sensitive information can destroy a business’s reputation. Extended interruption of service can cause customers to think twice about using your company in the future. Data loss can lead to legal action. Are you in good hands?

QOS Consulting, Inc. in Hoffman Estates, Illinois, like other consulting firms and Managed Service Providers, is well educated in all the Cloud offerings of Data Center providers. What makes QOS Consulting, Inc. different is that we own and operate our own data center. Yes, we can also manage systems on Amazon’s AWS Cloud, Microsoft’s Azure Cloud and Google’s Cloud Platform.

So where do the accountability and ownership fall when your service or system is offline? Ever call your Internet Provider to complain because your service isn’t working? You probably have gotten the “We are very sorry for the inconvenience, but we will issue you a credit for as long as your service has been out….”. That is part of The Service Level Agreement.

The Service Level Agreement says we want to provide a percentage of up-time, and if not, a credit is due for the downtime. That’s great, but that isn’t a guarantee. In fact, no one can make a 100% guarantee and that’s why there is the Service Level Agreement.

Taking accountability should mean more than a mass apology email from some CEO you have never heard of or a tiny credit on your bill. Outages cause mass disruption to businesses. And it shouldn’t mean having to fill out TPS reports to get your service outage credit. Let’s break down Amazon’s Compute Service Level Agreement:

  1. Service commitment is 99.99% uptime. From AWS –
  2. Service credits are issued when your systems are not online 99.99% of the time. From AWS –
  3. WHERE’S MY MONEY BRIAN! You only get your money if you can prove that your system was down.  From AWS –

Make the right choice and choose a technology partner like QOS Consulting, Inc. who has experience as a Managed Service Provider and Data Center Provider. You will never feel like just another client of QOS Consulting, Inc.’s and if your service or systems ever go down, we will make sure you know how we plan on preventing it from ever happening again. Your relationship with us is paramount and we will never make you fill out TPS reports. QOS stands for Quality of Service, let us show you the quality of our service.

Email Support vs Phone Support | You know who isn’t winning – you!

Monday morning at 7 am usually involves commuting to work for most of us. On this day though all your systems are down at Amazon’s AWS Cloud, Microsoft’s Azure Cloud or Google’s Cloud Platform. Not to worry, you’ll just give them a call and see when things will be back online, right? Wow, slow down Hoss! We see that you haven’t purchased a support plan. If so how much are they? From AWS –

So now that you have your support plan, you need to open a case via their website, unless you paid over $15k to speak with someone that helps you through it over the phone. See AWS’s getting started guide on how to open a support case online at

Your support case is finally open and now you want answers. No, wait, seriously: you have to wait, and how long you wait depends on the severity level of the issue. Keep in mind this is first response, not resolution timelines. From AWS –

Make the right choice and choose a technology partner like QOS Consulting, Inc. who has experience as a Managed Service Provider and Data Center Provider. QOS Consulting, Inc. cares about your downtime and won’t make you jump through hoops to get the support you need. Not to mention you get to speak with a real live person here in the United States.