Cy­ber­se­cu­rity fears grow as de­fenses boosted: study


The re­cent epi­demic of cy­ber­at­tacks has led to greater in­vest­ment and spend­ing on se­cu­rity, but fears are ris­ing that hack­ers are gain­ing the up­per hand, a study showed Wed­nes­day.

A Rand Cor­po­ra­tion study based on a sur­vey of com­pany chief in­for­ma­tion of­fi­cers said ris­ing con­cerns from high-pro­file in­ci­dents have made cy­ber­se­cu­rity a pri­or­ity for many or­ga­ni­za­tions.

The au­thors cited prior re­search show­ing world­wide spend­ing on cy­ber­se­cu­rity is ap­proach­ing $70 bil­lion per year and grow­ing at 10 to 15 per­cent an­nu­ally but said that “it would be an un­der­state­ment to say or­ga­ni­za­tions are dis­sat­is­fied with their se­cu­rity.”

“Com­pa­nies know what they spend on cy­ber­se­cu­rity, but quan­ti­fy­ing what they save by pre­vent­ing ma­li­cious at­tacks is much harder to tally,” said Lillian Ablon, a Rand re­searcher and co-au­thor of the re­port.

“Cy­ber­se­cu­rity is a con­tin­ual cy­cle of try­ing to elim­i­nate weak­nesses and out-think an at­tacker. Cur­rently, the best that de­fend­ers can do is to make it ex­pen­sive for the at­tack­ers in terms of money, time, re­sources and re­search.”

The re­searchers found that the ef­fect of a cy­ber­at­tack on rep­u­ta­tion — rather than di­rect costs — caused the most con­cern for chief in­for­ma­tion se­cu­rity of­fi­cers.

The re­port in co­or­di­na­tion with Ju­niper Net­works said the cost of man­ag­ing cy­ber­se­cu­rity is set to in­crease 38 per­cent over the next 10 years across all busi­nesses — largely from in­vest­ment in tools and train­ing, and deal­ing han­dling the use of per­sonal de­vices such as smartphones which connect to cor­po­rate net­works.

“One of the most chal­leng­ing is­sues fac­ing com­pa­nies is the coun­ter­mea­sures at­tack­ers use to evade de­fenses,” the re­port said.

“At­tack­ers are con­stantly de­vel­op­ing coun­ter­mea­sures to new se­cu­rity tech­nolo­gies, which lim­its the rel­a­tive ef­fec­tive­ness of those tools over time and re­quires com­pa­nies to in­vest in new tech­nolo­gies to take their place.”

Shrouded in Se­crecy

The re­searchers said eval­u­at­ing cy­ber­se­cu­rity is dif­fi­cult be­cause so much is shrouded in se­crecy. De­spite the wave of at­tacks that have be­come public in re­cent months, the meth­ods used by hack­ers use to in­fil­trate sys­tems and coun­ter­mea­sures are of­ten kept pri­vate.

The re­port noted that “cy­ber­se­cu­rity is a hard sell, es­pe­cially to chief ex­ec­u­tives” but that there is now greater fo­cus on se­cu­rity mea­sures.

“De­spite the pes­simism in the field, we found that com­pa­nies are pay­ing a lot more at­ten­tion to cy­ber­se­cu­rity than they were even five years ago,” said Martin Libicki, a co-au­thor of the re­port.

Newspapers in English

Newspapers from Taiwan

© PressReader. All rights reserved.