Anyone who hoped 2019 would bring a break in the pattern of rising data breach risks will be disappointed to learn that the first quarter of this year set new records in the worst way. A recent TechRepublic article notes “a record-breaking number of data breaches that exposed billions of documents to theft” — the third consecutive year more than a billion records were exposed in Q1.
Endpoints remain the weakest link in the cybersecurity chain, so the proliferation of devices increases risk exposure. IT/Sec-Ops leaders use a growing solution stack to build their cybersecurity high rise, but a weak foundation is undermining the structure. What CISOs need is a stronger cybersecurity base. But mass-marketed solutions are coming up short, as the growing cyber threat demonstrates.
How Much Cybersecurity Spending Is Enough?
Companies are spending billions on security products and services. Last year, Gartner predicted that cybersecurity spending would rise by more than 12% in 2018 and reach $124 billion worldwide this year. One of the analysts quoted in the report said high-profile data breaches are prompting enterprises to classify data and IT systems as “critical infrastructure.”
While that classification is appropriate, CISOs are starting to wonder about the payoff their companies receive from their investments in cybersecurity. Aren’t the record-breaking breaches fresh evidence that the current approach isn’t working? As if to underscore that point, at least one giant American antivirus company recently admitted that its testing lab was hacked, which doesn’t exactly inspire confidence.
IT/Sec-Ops Teams Are Overwhelmed
The “detect and respond” approach to cybersecurity is a tacit admission that bad actors can breach companies at will. The companies that build and deploy detect and respond solutions may believe they’re just facing reality by focusing on clean-up rather than prevention. But the strategy has wreaked havoc on IT/Sec-Ops team budgets and personnel.
Patch management is supposed to be a form of prevention, but it’s not working either. These are just a few of the many challenges patch management imposes on already overworked teams:
- Testing prior to deployment tends to disrupt productivity and is difficult and time-consuming.
- Patch application often involves adding and replacing many files and settings, each of which represents a potential failure point.
- Third-party applications complicate patching since tools often don’t support the latest application version.
Uninvestigated alerts are another byproduct of a failed approach to cybersecurity. IT/Sec-Ops teams with multiple detect and respond solutions get so many alerts that they simply can’t investigate them all. The Cisco 2017 Security Capabilities Benchmark Study reports that of every 5,000 alerts, almost half (2,200) aren’t investigated — including more than 600 that are legitimate threats.
Building a Strong Foundation
As more breaches make the headlines, CISOs keep adding to their security stacks, investing more in a strategy that isn’t working. It’s not that their entire cybersecurity investment is wasted — it’s that they are building a cybersecurity high rise on a shaky foundation. What they need to do instead is find endpoint protection that really works and invest in true prevention.
Prevention technology works in a completely different way. By protecting the operating system through kernel-level policy enforcement, preventive technology blocks applications from performing actions the policy does not allow while still letting them operate normally, so productivity is not disrupted. Prevention technology is the strong foundation CISOs can use to build a solid cybersecurity structure.