home Software Applications IT security: does more money mean better results?

IT security: does more money mean better results?

Mar 25, 2015

This post is also available in: עברית (Hebrew)

So far, the rising budgets on Data Security do not seem to inspire greater confidence in the results.

A new report looking at how organizations view the future of cyber threats and these organizations’ current defenses, surveyed more than 800 IT security leaders and professionals. The report found that more than 70 percent of respondents’ networks had been breached in 2014 – a 62 percent increase from 2013.

Security concerns are only going to increase as the number of Internet connected devices increase from fourteen billion today to fifty billion by 2020. More troubling is that 52 percent of respondents predict that a successful cyberattack against their network would occur within the next twelve months.

According to Home Land Security News Wire, the CyberEdge Group’s 2015 Cyber threat Defense Report shows a very poor link, if at all, between spending and results. Perhaps this is due to the fact that pessimism and lower expectations are the primary qualities of those in charge of IT security. Perhaps the results also point to the fact that it simply takes time for the investments to come to fruition.

Meanwhile cybersecurity spending will continue to increase, as 62 percent of respondents expect their security budgets to grow this year. Of the ten categories of cyber threats outlined in the survey, phishing/spear-phishing, malware, and zero-day attacks are considered by respondents to be the greatest threat to organizations. Denial of service attacks, watering hole attacks, and drive-by downloads are of least concern, as hackers get more sophisticated in their activities.

Some organizations are now investing in offensive strategies such as those proposed by South Korean-based Cuvepia Inc. The company offers a monitoring program which sounds an alarm when it detects certain suspicious activity inside a network, such as a series of unauthorized logins.

Under such a scenario, a response team can monitor a hacker as he moves inside the targeted system and then respond by cutting off the hacker’s connection, or trick the hacker into stealing empty files, before damage is done. “Because hackers are in your palm, you can enforce any measures that you want,” said Kwon Seok-chul, Cuvepia’s chief executive and a member of an advisory board for South Korea’s cyberwarfare command.