The fact that the Central Intelligence Agency (CIA) has a collection of exploits for hacking into anything connected to the Internet should not come as much of a surprise to IT security professionals. After all, intelligence agencies around the world have been developing and aggregating these exploits for years. Many of those exploits were also, one way or another, acquired from cyber criminals. Most of them are especially sophisticated and, in many cases, have already been addressed by IT technology vendors.
Thanks to political scandals involving alleged hacking conducted by agents acting on behalf of Russia and a multimillion-dollar drop in the price Verizon is going to pay for Yahoo because of multiple security breaches, many boards of directors are understandably starting to question the state of IT security within their companies.
Arguably, awareness of IT security as a risk management issue is long overdue. Almost invariably, the board of directors of most organizations is going to be asking for some proof regarding the level of IT security employed by their organizations. For most IT security professionals, that means conducting an audit.
On the one hand, IT security professionals have, from a budgetary perspective, never had it so good. Every IT budget forecast for the coming year projects a major increase in IT security spending. One of the latest projections put together by venture capitalists estimates that cumulative spending on IT security will top $1 trillion by 2021. Inside a lot of IT organizations, however, that news needs to be tempered by the fact that IT security spending as a percentage of the overall IT budget is relatively small. That means a double-digit increase in IT security spending, for example, might not have that much of a material impact in terms of improving IT security.
Only 36 percent of adults surveyed would choose to become a customer of the company they work for based on what they know about the company’s cybersecurity practices. That finding, in a survey of over 5,000 adults in the U.S. released this week by Kaspersky Lab and HackerOne, suggests that despite a regular litany of breaches, not much progress has been made in terms of making the average IT environment more secure.
The real issue, of course, is that business executives are, as they do in almost every case, weighing risk versus cost. They all know that at some level the way the organization manages data is not especially secure. The assumption they make is essentially the same one any animal that travels in a herd makes. The odds are good that, given all the available targets, predators will simply pick off some other member of the herd while they hopefully get to travel on.
Going into the 2017 edition of the annual RSA conference this week, IT security professionals are confronted with two paradoxes that will have a profound impact on their careers.
The first is that more money is pouring into IT security than ever. Organizations have woken up to the fact that they have significantly underinvested in protecting their digital assets. They have also come to realize that there’s a fundamental supply and demand problem that is driving up IT security professional salaries. A new report from the IT association CompTIA notes that 25,000 IT security jobs were posted in the last 90 days alone.
While those two economic indicators may provide IT security professionals with some comfort concerning their own job security, they do create a vacuum that both nature and economics abhor. Stepping into that gap is a wave of emerging technologies based on machine learning algorithms and deep learning science based on neural net technologies. The goal is nothing less than to automate as much of the IT security process as possible.
While there was an apparent false start this week concerning the signing of an executive order by President Trump that, among other things, is expected to call for a complete review of Federal government cybersecurity, the one thing that is clear is that there will be more focus on IT security at the most senior levels of government. President Trump says he intends to hold each cabinet executive responsible for cybersecurity within their departments.
If and when such reviews get conducted, a new administration is about to discover issues most business leaders are already all too familiar with. Most IT security today is built around network perimeters that have become all but indefensible and anti-virus software on the endpoint that is no longer as effective as it once was.
When most people think about crime, it’s generally viewed as something unfortunate that happens to somebody else. Not surprisingly, that same attitude appears to be carrying over into the realm of cybersecurity.
A new survey of 200 IT decision makers working in midsized companies, conducted by the research firm Vanson Bourne on behalf of Arctic Wolf Networks, finds that 95 percent of the respondents rated the cyber defenses they have implemented as being above average.