Only 36 percent of adults surveyed would choose to become a customer of the company they work for based on what they know about the company’s cybersecurity practices. That finding, from a survey of over 5,000 adults in the U.S. released this week by Kaspersky Lab and HackerOne, suggests that despite a regular litany of breaches, not much progress has been made in terms of making the average IT environment more secure.
The real issue, of course, is that business executives are, as they do in almost every case, weighing risk versus cost. They all know that at some level the way the organization manages data is not especially secure. The assumption they make is essentially the same one any animal that travels in a herd does. The odds are good that, given all the available targets, predators will simply pick off some other member of the herd while they hopefully get to travel on.
The trouble with that thinking, of course, is that not only is the predator population starting to multiply, the predators are also getting a lot more efficient at hunting in a proverbial pack. Very few cybercriminals, for example, go to the trouble of writing their own code when they can acquire the tools they need on the dark web. In fact, given the large numbers of cybercriminals employed by organized crime and various nation states, it’s a certainty that intelligence about vulnerabilities is being shared.
In fact, ransomware is indicative of how far afield those predators can now roam. Ransomware is now the foundation of a billion-dollar business that routinely targets small and big businesses alike. In general, a separate recent Kaspersky Lab report estimates that the rate at which cyberattacks are being launched has increased from every two minutes in January 2016 to every 40 seconds by October 2016. At that rate, it’s clear that cybercriminals are employing automation at levels of scale that a few short years ago would have been thought to be unimaginable by most.
The real business issue, of course, is who is to be held liable for all the data being stolen. Business executives tend to view being able to conduct business online as an almost inalienable right. When they fall victim, their initial reaction is akin to what might be expected of someone who found themselves suddenly robbed on the street. Regulatory bodies around the world, however, are taking an increasingly jaundiced view of that incredulity. Their assumption is that the business was simply careless when it came to securing customer data. As such, penalties for losing customer data are rising. That may seem like punishing the victim in some circles. But the only way business executives are going to give IT security its full due is when the risk reaches a level deemed unacceptable either to them personally or to the investors that provide the funding.
What’s most troubling about the number of U.S. adults that would not choose to be a customer of the organizations they work for (64%) is that despite the sharp rise in risk, there’s clearly not been nearly as much progress made on basic security. Or to put it another way, the risk versus reward equation when it comes to IT security is still tilted very much in the wrong direction.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.