It’s the beginning of October and that means it is Cybersecurity Awareness Month. We certainly came into this month with a lot of cybersecurity news that has businesses, government and consumers alike taking notice of the risks involved in a breach and the fact that we have a real need for improved cybersecurity practices. I thought this would be a good time to take a look at what the cybersecurity landscape looks like right now.
We’re making some progress in the cybersecurity battle but there is still a long way to go. At least, that’s what CyberArk’s 10th annual Global Advanced Threat Landscape Survey found. According to the report, 82 percent of organizations believe the IT security industry has made some headway against cyberattacks, but any progress has been stymied by poor security practices in three primary areas: privileged access, the cloud and third-party access. While companies are thinking about breaches, the report added, the focus seems to continue to be on the post-breach process, and IT and security departments are overconfident in their ability to stop attacks – an overconfidence that may actually be putting networks and data at greater risk. As John Worrall, CMO with CyberArk, said in a formal statement:
The findings of this year’s Global Advanced Threat Landscape Survey demonstrate that cyber security awareness doesn’t always equate to being secure. Organizations undermine their own efforts by failing to enforce well-known, security best practices around potential vulnerabilities. There’s a fine line between preparedness and overconfidence.
We’re also going to keep struggling with Internet of Things security, according to TechRepublic. Discussing the takeaways from the 2016 Structure Security conference, Conner Forrest wrote:
Intel Security's Scott Montgomery called the coming security challenges in IoT a tsunami. The issue, he said, is that manufacturers will keep producing internet-connected devices, but there aren't enough standards in place to keep everything as safe as it should be. Also, users are too willing to trade their privacy for the convenience of these devices, without understanding the risks.
Convenience over security was cited as a key to the Yahoo breach, too. There seems to be a theme here. Even looking at the CyberArk study, we want to make it look like we’re doing something about security and we’ll give it lip service to make people happy. But we’re falling behind on making security a priority. Nor are we playing well together when it comes to security. As eWeek pointed out, last year, the Obama Administration enacted the Cybersecurity Act of 2015, but, the articled added:
Despite the government action, companies have been reticent to begin sharing data on the attacks hitting their networks. One report found that while nearly 140 organizations were connected to DHS's Automated Indicator Sharing system, only one company was sharing any significant amount of information.
So, what is our state of cybersecurity? The infrastructure is being laid down to improve cybersecurity efforts, but we’re still taking too many shortcuts or bypassing the roads altogether.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba