Escaping the Cybersecurity Vortex

David Cullinane
Published in TruSTAR Blog, Feb 22, 2016

Vortex: A place or situation regarded as drawing into its center all that surrounds it, and hence being inescapable or destructive

Corporate chief information security officers are leading defenses in an extraordinarily challenging time. The volume of attackers, vulnerabilities, exploits, advisories, vendor offerings and even media coverage is quite overwhelming. The costs are unprecedented when you consider both the damages from successful attacks and the investments in cybersecurity programs. In fact, we’ve created a cycle of spending that I now refer to as the “cybersecurity vortex.”

It is no secret that the number of security incidents is growing, and that attacks are evolving to be more targeted and more damaging. The cost per breach is steadily increasing — in terms of loss of revenue, brand reputation and drop in share prices. To counter this problem, many companies have steadily increased investment in technology and people to improve defenses and reduce costs incurred from attacks.

But have our increased investments, focused mostly on new tools and technologies, been effective? It doesn’t appear so. In fact, we are still unable to even detect the majority of attacks, let alone prevent them. According to Sarbjit Nahal, managing director and head of thematic investing at Bank of America Merrill Lynch, “there are 80–90 million plus cybersecurity events per year, with close to 400 new threats every minute, and up to 70% of attacks going undetected.”

The effectiveness of our technology-centric approach to combating cyber incidents seems to be plateauing. Year on year we spend more on technology, but with scant evidence of meaningful return. We are not only losing the battle against our adversaries but falling farther behind. This is disconcerting as resources are finite and throwing more people and technology at the problem is unsustainable and ends up reinforcing the cybersecurity vortex.

We’ve talked for years about doing more with what we have. Vendors try to provide more data on ROI, and nearly every CISO has heard advice from consultants on optimizing their cybersecurity program. None of this has really broken the cycle. That is not because our defense strategy is faulty; it is just incomplete. We continue to think about how to do more with what we have as individual companies, when we need to think more about how to do more together.

We practice cybersecurity within our individual companies, with limited ability to understand actual attacks happening outside our four walls. Each company conducts the same analysis and develops the same mitigation for the same attack families as their peers without collaborating. We are reinventing the wheel inside our enterprises on a massive scale. And while it may be lucrative to vendors, it is not sustainable for large and small companies alike.

Collaboration is the force multiplier we need to tip the economics of cybersecurity back in our favor. The rapid exchange, correlation and analysis of real incident data among companies will help yield a better return on our investment in technology and people. A common operating picture of incidents occurring in companies, in addition to leveraging others’ expertise, will degrade the ability of our adversaries to recycle the same attack against multiple targets and increase their costs as opposed to our own.

We live in a time of great technological advancement. Companies must now leverage these advances to create a real incident exchange and collaboration platform if we are to escape the vortex. To learn more, visit TruSTAR.
