Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 28 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Cybersecurity Predictions 2016: Luck or Leadership?

by The Gurus
December 17, 2015
in This Week's Gurus
Share on FacebookShare on Twitter

Cybersecurity Predictions 2016: Luck or Leadership?
By Simon Crosby, Co-founder & CTO, Bromium
In the blink of an eye, 2015 is almost over. When looking back at it and what it meant for the cybersecurity industry, this year has been predictably busy. We saw large acquisitions, including those of EMC by Dell and Websense by Raytheon, while companies such as Rapid7 and Sophos went public. Large funding rounds were a near weekly occurrence, and as a result the sector raised more than $2.3 billion within the first nine months.
Cybersecurity spending increased sharply and by the end of the year should finish at around US$80 billion, according to Gartner’s estimates. While the U.S. House and Senate continued to debate cybersecurity legislation, US government agencies amassed a whopping security budget of $12.5 billion, collectively.
There were unforgettable breaches — like TalkTalk, Hilton, and Carphone Warehouse, although the sexiest headlines went to the Ashley Madison breach. There also were countless daily reports of breaches due to “sophisticated attacks” and resulting losses from companies whose infrastructure — despite all the spending — remained woefully vulnerable. Even United States President Barack Obama stepped into the fray, cementing an agreement with China in the hope of limiting the scope of nation-state hacking. Good luck with that!
Looking back, it’s painfully clear that while we may not have known then the names and faces of the victims, or the numbers behind the M&A, funding, budget and breach news, most of this was predictable in 2014. So will next year be any different, or are we doomed to repeat the past, yet again?
Unfortunately in most respects, 2016 won’t change much: users will still unknowingly click on malicious links; IT departments will still be bad at staying up to date with patching; the bad guys will continue to attack; and the tide of misery from breaches will persist. What matters most is whether your organisation will be a victim or not. Of course you could do nothing, and be lucky. But the only way to control your fate is to lead your organisation to the high ground based on a well-considered, security-first strategy.
It is important to remember that, despite their claims, most security vendors cannot help you. Within the market we see too many “me too” vendors, who’s main focus in on the staple of detection. Within the endpoint security sector alone, over 40 vendors are bringing to market a feature set that Gartner terms “EDR,” or endpoint detection and response. The sole goal of this is to help find a breach in progress — provided you know what to look for in the first place. Despite vendor claims, detection can’t protect you, and it isn’t advancing much, even when disguised as artificial intelligence (AI). In a world of adaptive, intelligent attackers, even the best AI technologies have a tendency to make masses of mistakes. In fact, Ponemon estimates that a typical large enterprise spends up to 395 hours per week processing false alerts — approximately $1.27 million per year.
Of course, security (still) won’t be solved inside the Beltway. Year after year, public sector companies hang their hats on the hope that cybersecurity legislation will somehow do the trick. This year was no different. You may recall recall that CISA and the Wassenaar Agreement both sparked industry-wide debates around data security, civil liberties, privacy and exploit controls. There is no doubt that security is a serious issue and a hard problem to solve, but it’s one that is not going to be solved by governments. . Much like healthcare, security is a systematic problem that requires more than a band-aid or firewall to fix. Security legislation will require government collaboration that it is simply unrealistic to expect at this current time.
It is also important to remember that the same vendors that promise to secure you still won’t be held accountable for breaches. PwC predicts that the cyber insurance market will triple in the next five years. While insurance will do little for the peace of mind or job stability for CISOs whose companies experience a breach, it will hopefully force organisations to take a long, hard look at the cost of their continued insecurity. It’s time for you to force your vendors to be accountable instead. If a vendor claims to secure your network, force them to accept liability if your organisation is breached. Pay your endpoint security vendors based on the value they deliver.  Free is a good option when regulations demand the functionality, but the vendors fail to protect you. Force your vendors to put their money behind their marketing messages. Greater accountability means greater drive for cybersecurity technologies that do what they claim to do and actually help to mitigate threats.
My recommendation: Instead of relying on post-hoc analysis in the hope of spotting a breach, your focus in 2016 should be on adopting solutions that make your infrastructure more secure by design, to prevent a breach before it starts. Move to the cloud. Adopt micro-segmentation and micro-virtualisation. And upgrade to the latest operating systems.
I don’t think we’ll see an end to data breaches in the near future, but if organisations stop relying on faith in marketing claims and government and being complacent and start questioning the status quo and demanding answers and accountability from vendors, we’ll be able to see many of the breach news headlines disappear.

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

NATO builds cyber alliances

Next Post

Consumers Undermine their Online Security by Sharing Passwords

Recent News

Blue Logo OUTPOST24

New Research Examines Traffers and the Business of Stolen Credentials

March 28, 2023

How to Succeed As a New Chief Information Security Officer (CISO)

March 28, 2023

The Importance of Data Security and Privacy for Individuals and Businesses in the Digital Age

March 28, 2023
penetration testing

Cymulate’s 2022 Cybersecurity Effectiveness Report reveals that organizations are leaving common attack paths exposed

March 28, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information