Cyber Security firms are innovating at a pace never seen before trying to keep with various attack vectors facing organizations and individuals alike. It’s no secret that cyber security is a lucrative area to be in, but what is really driving this huge market and will it ever slow down? The speed and sophistication of attacks that happen to corporate America are on the rise and businesses that once held the stance of “we’re not at risk of being hacked” are now admitting that it’s no longer a question of “if” but “when”. With these escalating concerns, businesses are forced to pay big bucks to security firms to help reduce their risk, or look into IT managed services. They are also spending more on remediation of existing deficiencies as evidenced by this statistic and article from Business Insider: Cybersecurity is a $81.7 billion market - and startups are raking in the dough.
The Russian Roulette of The Click
As businesses have adopted technology to improve efficiencies and propel them forward into unprecedented growth in the marketplace, the relentless task of ensuring privacy and security has become a worrisome issue for most executives. The popular Hollywood movie blockbusters of “Sneakers” and “War Games” (released 1982 and 1993 respectively) pointed out the reality of security threats in government, public and private sector business marketplaces. It wasn’t until the personal computer became mainstream and affordable, the explosion of IoT and wearables, and the continued push of mobility that the threat of security crossed from business into an outright guerrilla warfare on individuals. Businesses suffer from brand corruption and individuals from identify theft and other security compromises that have devastating effects on personal credit and long term business viability. Movies like “Enemy of the State” point out legislative challenges requiring the need for metadata that can be collected from an endless supply of broadcasting accessories that we subject ourselves to. Cases like the "Government vs. Apple" for the release of apple IDs is becoming more and more prevalent in our society.
The problem really seems to be in just how compulsive we are while tethered into the diverse networks we may be navigating. For those who are not given adequate training into online safety, the allure to click on the link or the attachment or image embedded in an email we receive or to even open an email at all from an unknown sender seems to ensnare the novice user into a net of regrettable woe. They become infected with malware or other malicious content and exploited. So, whether from personal experience or formal training many of us simply cannot turn down the temptation of clicking on things we shouldn't be. Wombat Security’s “State of the Phish” reports that 76% of infosec professionals still report their organizations being victims of a phishing attack*. So where does one start?
The Norse Map clearly shows just how much the USA is being attacked by foreign powers and that the rate of attacks are not slowing down. The reality is that security firms start from many different places; some from boundary or endpoint security, others from application and network security, while others focus on network intelligence and analytics. Given the vast amount of security providers that are out there, it can be a very daunting task to decide who to trust and where to start. Businesses across America are faced entrusting security firms with the most sensitive aspects of their business and placing that trust can and is often not made lightly.
The sheer number voices from the marketplace constantly bombarding the Business of IT claiming their security practices are best-in-class and can meet the growing demands of corporate America to secure the enterprise, is overwhelming. I know, I’m one of those voices. What is evident to me is that no one, single provider seems to have everything you need. Securing the enterprise is complex, it’s sophisticated, and it requires expertise and tooling that taps into all areas of the business. The thought of being able to only rely on in-house expertise for security is really like playing Russian Roulette or an illusion that many corporations have yet to grapple with.
With the complexity of security and just how fast things change, businesses need a partner whom they can trust to stay on top of all things security. After all, we all like the latest viral video and the change in employee behavior to stop clicking is likely not going to go away anytime soon. If you want to continue this discussion, check out this information on Evolving Challenges in IT Security.