Cyber Security in the Mainstream
During last night’s US Presidential Debate between Nominees Hillary Clinton and Donald Trump, the topic of Cyber Security took a central role.
In this briefing we will examine the impact of Cyber Security moving into the mainstream and associated challenges.
Cyber security has spent most of its existence as an afterthought. Until only a few years ago most companies and governments attempted to secure their infrastructure and software with dedicated teams of little authority. In many places, this is still the approach used today.
The prevailing views on hacking of that time period can be summed up as:
- The impact of a successful attack is limited
- No one dies from a cyber attack
The collapses of companies as direct results of cyber attacks and high-profile leaks during this election season have wiped out the first assumption. The demonstrated attacks on infrastructure, pacemakers and smart cars are working to overturn the second assumption.
As panicked media reports highlight the impact of cyber attacks on a weekly basis, corporate and governmental leadership as well as the general population have started taking a strong interest in the security of IT infrastructure.
For the Cyber Security industry, this sudden interest is a mixed blessing. On one hand, any increase in awareness leads to an increase in spending and thus to the development of better defensive tools, policies and trainings. At the same time, more money also means higher incentives for attackers.
Many traditional and smaller cyber security firms struggle to scale up with the sudden demand, leading to many new companies springing up to fill the void. While most of them have good intentions, the difficulty of acquiring infosec talent has led to the average quality of service decreasing across the industry. As with any boom, a certain number of snake oil sellers are attempting to cash in as well.
While no exact figures are available, it appears that the same constraints do not affect those engaging in illegal activity. The spiking prices for 0day exploits, sophisticated malware and attack services have given criminal organizations more than adequate funds to acquire the talent they require.
The heightened interest in Cyber Security will in the long run make infrastructure more secure. In the short term, however, the ongoing arms race between attackers and defenders will lead to high volatility and many successful attacks.
Organizations are advised to regularly review their policies and strategies regarding cyber attacks. Information security needs to be at least partially taken in-house - the days when it could be fully outsourced as an afterthought are over.
A brief message in Reflare’s own interest:
Our PCI-DSS compliant RCSD training series has recently added support for C# in addition to PHP. Please contact us directly for a free trial.