BreachExchange mailing list archives

Despite Doubts, Firms Investing More Into Cybersecurity


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 10 Jun 2015 18:29:56 -0600

http://www.siliconindia.com/news/business/Despite-Doubts-Firms-Investing-More-Into-Cybersecurity-nid-183623-cid-3.html


Companies are spending close to $70 billion a year on cybersecurity tools
but are still not convinced their data is truly secure, a new study has
revealed.



According to RAND Corporation, a California-based nonprofit global policy
think tank, several chief information security officers believe that
attackers are gaining on their defences.



Despite this, worldwide spending on cybersecurity is growing at 10 to
15 percent annually because they believe hackers may gain the upper hand
two to five years from now, so they need to pull up their socks.



"Despite the pessimism in the field, we found that companies are paying a
lot more attention to cybersecurity than they were even five years ago,"
said Martin Libicki, co-lead author of the study and senior management
scientist at RAND.



Companies that did not even have a chief information security officer five
years ago have one now and the CEOs are more likely to listen to them.



"Core software is improving and new cyber security products continue to
appear, which is likely to make a hacker's job more difficult and more
expensive," Libicki said.



Charting the future of cybersecurity is difficult because so much is
shrouded in secrecy.



No one is entirely certain of all the methods malicious hackers use to
infiltrate systems, and businesses do not want to disclose their safety
measures, according to the report.



The RAND study draws on interviews with 18 chief information security
officers and details the burgeoning world of cybersecurity products.



It also reviews the relationship between software quality and the processes
used to discover software vulnerabilities.



"Companies know what they spend on cybersecurity, but quantifying what they
save by preventing malicious attacks is much harder to tally," added
Lillian Ablon, co-lead author of the report.



In addition, malicious hackers can be extremely sophisticated, so costly
measures to improve security beget countermeasures from hackers.



Cybersecurity is a continual cycle of trying to eliminate weaknesses and
out-think an attacker.



"Currently, the best that defenders can do is to make it expensive for the
attackers in terms of money, time, resources and research," the authors
said.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
