Last year, private sector companies globally spent more than $75 billion on security software to safeguard their systems and data.
That number is expected to grow about 7% annually, according to Gartner and other analyst firms. It doesn’t include the massive amounts banks spend on fraud prevention, a figure that is widely underreported and expected to reach into the billions annually.
Has all that spending made private sector data and systems any safer? Is customer personal data any safer?
The general answer is no, according to many analysts, but that’s not necessarily because the latest software is considered ineffective.
As security software has grown more sophisticated in recent years, so have the bad guys. Data breaches have soared in the past two years. One of the worst emerging problems is ransomware, where hackers demand payment to return sensitive data they’ve stolen or locked up to the rightful owner.
In interviews, four analysts said cybersecurity is a huge challenge because the bad guys are getting smarter. In recent years, the smartest hackers have found ways around some existing security software, especially signature-based antivirus (AV) software. (Signature-based AV compares signatures of files on a system to a list of known malicious files. Behavior-based AV is growing in popularity because it watches processes in a system for signs of malware and then compares those signs against known malicious behaviors.)
These analysts ticked off a list of concerns: Many companies aren’t yet deploying new approaches like security analytics to detect suspicious events. (Security analytics refers to gathering and linking diverse kinds of security event data and using advanced techniques like machine learning or neural network models.) The growth of cloud computing has also put sensitive enterprise data outside the more secure data center. Sometimes workers inside companies aren’t properly monitoring their security software or setting up sufficiently protective cybersecurity policies.
“Companies are worse off by 100% [with cybersecurity] compared to 10 years ago because the world is more complicated now,” said Gartner analyst Avivah Litan.
“We are safer in a way, but criminals -- the advanced ones -- can still get through. Companies have definitely raised the cybersecurity bar, but criminals can keep going higher than the bar. It’s a cat and mouse game, and when you put in a trap, they find a new technique.”
Despite billions of dollars spent on signature-based antivirus software, for instance, today’s smart criminals can beat it, Litan added.
Hackers have huge financial incentives to resell employee personal information or corporate secrets.
“Basically, all that sensitive data that was seized is out there to resell and use to target companies,” Litan said. “Thieves set up money laundering accounts to funnel the billions that are stolen every year, and it is now much easier to get money and intellectual property out of the system.”
'Always playing catch up'