Your Cybersecurity Plan – Is it Wrong?
Corporations are spending more than ever before on cybersecurity, yet security incidents are still increasing. Are the wrong products being implemented?
Thales just released their fifth annual Data Threat Report. They polled over 1,000 senior IT security executives at large corporations. Sixty-eight percent of them had suffered a major security incident. Ironically, these enterprises were spending more money on cybersecurity than ever before. Studies by Symantec, IBM, Verizon and dozens of others show the same trend. Corporations are spending more than ever before on cybersecurity, yet the number of security incidents continue to increase.
Why are so many corporations still being breached? In many cases, it’s due at least in part to a lack of effort. They simply aren’t putting a reasonable amount of resources into security. But why are companies that are putting forth realistic efforts to protect their networks still being breached at such an alarming rate?
There are many reasons why an enterprise, even one with lots of security products in place, may succumb to a major security incident. One factor might be as simple as insufficient, ignorant, or outdated plans regarding which products to deploy.
Human Nature Resists Upgrading to Modern Security Solutions
Change is difficult. It’s human nature to continue doing what one is comfortable with, or that which worked in the past. It’s relatively simple to keep updating or even expanding the same type of products that are already in place. However, just because it’s easy and no major security incidents occurred that you know of, doesn’t mean that those old tools will be effective at stopping a modern attack.
Crimeware Has Dramatically Advanced – Old Security Tools Won’t Defeat It
Today’s malware and hacking tools have changed dramatically during the last twelve months. These malicious weapons are always evolving to find new vulnerabilities and exploit them. Yet many organizations have not significantly updated their security tactics or product technologies for years. What was effective in the past is almost by definition not going to work against a modern attack.
We see this every day at Lastline. Advanced malware transforms itself constantly to defeat existing security tools. Those customers that fall prey to these new and evasive forms of crimeware are often those that have spent a significant amount of money on security products. Unfortunately, they are all too often the wrong products and just not effective today.