One Article Review

Home - The article:
Source AlienVault Blog
Identifier 1093970
Publication date 2019-04-15 13:00:00 (seen: 2019-04-19 10:04:23)
Title 3 enemies - the $96B in cyber crime that nobody wants to talk about
Text They say that bad things always come in threes. The adage may testify to little but the popularity of superstition, but for security executives today, this notion regrettably passes muster. Crime, complexity and cost are three foes that every CISO must face, and while most companies think crime is the enemy, in many cases it is the latter two heads of this “cyber-cerberus” that deliver the most certain bite.

Here’s why: There’s not much we can do to wish cyber criminals away. The rising tide of threat actors will continue as the world goes digital, and we will need to be vigilant. But as an industry, there are things we can do to control complexity (and in turn cost), and it’s time that we start working together to reduce their impact. How do we do that? Well, let’s take a closer look at these three components.

Everyone knows about enemy number one: crime

Unless you have been living under a rock for decades, you know that cyber crime is one of the world’s largest problems. We’ve read statistics on breaches and seen countless companies in the headlines. Undetected attacks increase the numbers even more. IoT botnets, state-sponsored attacks, machine-learning malware, and the rise of ransomware make CISOs agree that cybercrime is undergoing a vigorous evolution. Sadly, crime has been with us since the dawn of civilization and is not going away anytime soon. This enemy is a constant.

Which brings us to a hidden enemy - complexity

With so many barbarians at the gate, protection, detection and response has become ensnared in a painfully involuted multiplicity of requirements and solutions. Cyber security practitioner groups suggest 14-18 controls to get started. SANS defines 20 security measures as “critical.” Fortune 500 firms typically engage 50+ security vendors. One global bank cited 170+ vendors at the Blackhat security conference last year. Plus, there are at least 32 government and industry bodies dedicated to cyber regulations.

There are well over 1000 individual security solutions in the market for CISOs to consider, and dozens one must review for any particular purchase. Vendor research, trial periods, internal reviews and integration requirements grow exponentially as products are added. Even when you finally determine the products you need, they must be tuned, serviced and regularly upgraded by skilled engineers. There are so many individual challenges to integration of security solutions that I couldn't list them all here. And the cycle of new products, responding to new threats—it never ends. All of this complexity leads to the biggest enemy that we need to focus on.

Our most insidious enemy is, of course, cost

It’s important for CISOs to remember that their company is not in the business of cyber security—they make airplanes, design toasters, perform financial services or focus on something else, unrelated to security. I have never met a single business executive who preferred to divert resources from the core business to spend more on security...not one. The CISO who achieves results at lower cost and restores money to the core business will be recognized as a true partner in the business and be rewarded with a bigger seat at the table.

Today, adequately responding to the threat ecosystem costs hundreds of thousands of dollars annually for the typical company, and many millions for large enterprises. Monitoring and maintaining defenses requires specialized engineering roles that come with six-figure salaries, if you can even find the talent.
Sent Yes
Tags Ransomware Threat Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.