Research

Cyber Security in the Mainstream

Written by Reflare Research Team | Sep 28, 2016 12:14:00 PM

There was a time when cyber security was just another IT service. Then, everything changed; media, governments and broader society finally realised what had been going on behind their backs for years - "Cyber Attacks" were indeed "the next big thing", and they needed to be prepared for one.

First Published 28th September 2016

The increase in cyber security coverage has seen a surge in demand for H&M's Classic Black Hoodies.

4 min read  |  Reflare Research Team

During last night’s US Presidential Debate between Nominees Hillary Clinton and Donald Trump, the topic of Cyber Security took a central role.

In this briefing, we will examine the impact of Cyber Security moving into the mainstream and its associated challenges.

Cyber security has spent most of its existence as an afterthought. Until only a few years ago most companies and governments attempted to secure their infrastructure and software with dedicated teams of little authority. In many places, this is still the approach used today.

The prevailing views on the hacking of that time period can be summed up as

  1. The impact of a successful attack is limited

  2. No one dies from a cyber attack

The collapses of companies as direct results of cyber attacks and high-profile leaks during this election season have wiped out the first assumption. The demonstrated attacks on infrastructure, pacemakers and smart cars are working to overturn the second assumption.

As panicked media reports highlight the impact of cyber attacks on a weekly basis, corporate and governmental leadership, as well as the general population, has started taking a strong interest in the security of IT infrastructure.

For the Cyber Security industry, this sudden interest is a mixed blessing. On the one hand, any increase in awareness leads to an increase in spending and thus to the development of better defensive tools, policies and training. At the same time, more money also means higher incentives for attackers.

Many traditional and smaller cyber security firms struggle to scale up with the sudden demand learning to many new companies springing up to fill the void. While most of them have good intentions, the difficulty of acquiring infosec talent has led to the average quality of service decreasing across the industry. As with any boom, a certain number of snake oil sellers are attempting to cash in as well.

While no exact figures are available, it appears that the same constraints do not affect those engaging in illegal activity. The spiking prices for 0day exploits, sophisticated malware and attack services have given criminal organizations more than adequate funds to acquire the talent they require.

The heightened interest in Cyber Security will in the long run make infrastructure more secure. In the short term however, the ongoing arms race between attackers and defenders will lead to high volatility and many successful attacks.

Organizations are advised to regularly review their policies and strategies regarding cyber-attacks. Information security needs to be at least partially taken in-house - the days when it could be fully outsourced as an afterthought are over.