In their recent cyber risk report, “The collateral damage of cybercrime”, HPE reveals that the number of organizations recognizing the true financial impact of a breach is growing dramatically, but in the meantime, as these organizations are investing heavily in cyber-security, there’s often little or no payoff to this huge investment.
Combine the two insights and the data that comes from another survey, this time from CISCO (to be released next month), and it all makes perfect sense. This study reached out to over a thousand executives and found that 71% of them believe that Cybersecurity operations obstruct the business flow. Can you see a circular pattern emerging here?
Increasing breach costs (or at least, the fear of these breaches) trigger large investments in cybersecurity, which in turn obstructs with the business flow and delivers poor results in terms of mitigation, which then calls for additional improvements in cyber defenses, requiring yet even more resources allocation… leaving executive frustrated and CISO fired.
But why is that enterprises can’t break this cycle? One of the reasons often cited to justify insufficient performance on the cybersecurity side is the lack of skilled manpower, which ideally is both experienced and capable of operating the most advanced security solutions. But the truth is that such positions could not be properly staffed- there simply aren’t enough cybersecurity experts, and all programs to train people to join the workforce may eventually deliver qualified people, but these individuals (ex Army Vets or fresh out of college youngsters) are bound to be without the necessary experience.
So businesses cannot rely on the human factor to help them solve this problem. They need to rely on the appropriate technology, one which offers ample security (there’s never 100% security level, each business define its own risk tolerance) AND allows the business to continue to function. Any security mechanism which obstructs the business will eventually be scrapped or disabled. Security technology must provide sufficient security and allow the business to operate. This is what we at ReSec believe in and our Security solutions provide piece of mind and facilitate doing business, and not the other way around.
Our team will be presenting ReSec at the Israeli Cybersecurity Showcase 2016 at the RSA conference, 2/29/2017. I invite anyone with an interest in 3600 solution for his organization to contact me and schedule a demo.