Cybersecurity: The never-ending cycle

Companies are becoming increasingly aware of the steps they need to take to prevent cyber attacks on their organization. In addition, they are increasing the amount of money they are spending on security prevention tools—worldwide spending on cybersecurity is close to $70 billion a year and growing at 10 percent to 15 percent annually.

Unfortunately, organizations and executives are not convinced that their spending and training is truly secure, and believe that hackers will once again have the upper hand anywhere between 2 and 5 years from now. Cybersecurity seems to be a vicious, never-ending cycle of the “good guys” stepping up their security and training to prevent attacks, only to be followed by the “bad guys” discovering new methods to infiltrate systems.

The bad news

For many security executives and leaders, cybersecurity is a frustrating process. They can easily figure out how much time and resources their company is spending on security, but it is much harder for them to quantify what they have saved by preventing attacks on their systems. Cybersecurity has become a continuous cycle to outsmart attackers and try to eliminate a weakness or prevent an attack before it even happens. The best step of defense is to make cyber breaches by attackers expensive for them in terms of money, time and research. On top of the loss of valuable data and assets, organizations also suffer from damaged reputations when an attacker is able to successfully infiltrate their systems.

The good news

Despite the fact that cybersecurity seems a somewhat exhaustive and frustrating process, organizations are paying more attention to cybersecurity than they were 5 years ago, which is a step in the right direction. Martin Libicki, co-lead author of the study and senior management scientist at RAND, a nonprofit research organization says, “Companies that didn’t even have a chief information security officer five years ago have one now, and CEOs are more likely to listen to them. Core software is improving and new cybersecurity products continue to appear, which is likely to make a hacker’s job more difficult and more expensive.”

Closing the gap between cyber attacks and our preventative methods will take two things:

1. More versatile technology
2. More disciplined users

The technology we set in place to prevent attacks needs to be updated and able to keep up with the new methods attackers are throwing our way. Attackers are using new methods of hiding their tracks, encrypting their traffic and breaching into our systems nearly unnoticeable—security systems need to be able to detect this. In addition, changes must be made on the user’s end—in a vast majority of successful breaches, the initial attack site was a single user at a single system point, clicking on an attachment or corrupted link.

While the cycle of cyber attacks and increased security may seem exhaustingly overwhelming, companies are becoming more aware of the importance of security training and preventative measures. If companies continue to focus on improving their security technology and training their system users in safety, they may start to see a decrease in the attacks made on their organization.