I’ve been writing about IT security for nearly a decade. I’ve seen the progression of cybersecurity problems and cybersecurity solutions. I remember the number of professionals I spoke with who shrugged off the need for security and the businesses who told me point blank that they’d never trust cloud computing because it will never have good enough security protections. I’ve seen the shift in attitudes (not to mention the number of other writers who have picked up the topic because it is “hot” and everybody wants to read about it now).
On one hand, we’ve come a long way in our knowledge and acceptance of cybersecurity needs. Yet, in these early days of 2016, I’m seeing a lot of conflicting reports. One day we are being told that businesses are doing more to increase their security budgets, for example, while the next day, a study is saying that businesses aren’t doing enough to secure their data. We’re seeing a lot of mixed signals – even within the same report.
One of the top findings from this year's report was that defender confidence is dropping, with only 45% of global organizations worldwide confident in their security relative to today's threats. However, many executive said they expect greater transparency on security in the future. According to a company press release: ‘This points to security as a growing boardroom concern.’
As the report shows, it would seem that businesses want to do something about security, but too many obstacles are in the way, such as an aging infrastructure and outdated organizational structure that block any headway toward better cybersecurity.
I found one point in the report to be very problematic, yet it fits into this weird security paradox we seem to be in. At a time when it is clear that security has to be a higher priority for everyone, Cisco found that SMBs are dropping the ball. Web security for SMBs dropped 10 percent from 2014 to 2015, the report found, and this is a statistic that could hurt SMBs beyond the risk of a network breach. This decrease in security is coming at a time when more SMBs are looking to partner with larger enterprise as part of the supply chain. We’ve seen how security flaws in small businesses create serious problems for large companies (Target, anyone?). Why would a large corporation want to take the risk on a vulnerable small business if it could result in a major security breach?
I think Darren Anstee, chief security technologist, Arbor Networks, summed up the fluxes in security reports and security standards in his comments in IT Pro Portal:
This report serves as yet another confirmation that attackers are becoming ever more sophisticated and, as a result, it is becoming ever more difficult to identify and stop their activities before they reach their goal. Although detection technologies, threat intelligence sharing and IR processes are improving in many cases, many businesses are still not able to prevent a breach, something that can have huge legal and financial consequences – as well as a significant loss of customer trust, especially if disclosure is not handled well.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba