If you deal with enterprise systems security, you likely have an idea what your annual expenditure for security and forensic security is. It's huge. It's a time and resource suck like few others.
The licensing costs will vary, but they're a considerable fraction of most organizations' annual IT spend. Ready-made modular costs are platform-dependent. In Windows, it might be a framework from Symantec, Intel Security, or a host of others. Integration into Active Directory isn't so much difficult as it is tedious. If you start or add Linux, the cost shifts towards any number of frameworks that require at least a moderate amount of labor costs in customization, maintenance and ongoing platform mods.
All of this lasts for perhaps a year or so, until security trends force organizations to redo infrastructure, upgrade licenses, rethink patches and fixes, and/or perhaps cover additional platforms and turf. A tired analogy of Whack-A-Mole takes place because increasingly fluid communications have a baked-in quotient of additional security baggage that has become requisite.
Once on the security baggage gravy train, you cannot get off.
To make matters worse, those responsible for security have to sell corporate management on security needs. These communications are assumed to be a cost of doing business.
This often makes security seem hopeless, even to the optimistic.
This needs to stop.
A better approach: Law enforcement needs to step up
Prosecutors need to increase their focus on catching spammers, hackers and system crackers and put them in jail, not small-time criminals such as marijuana users, speeders and loose cigarette sellers.
The problem is that police, prosecutors, judges and state's attorneys don't fully understand the basic problems of systems infrastructure and how to police systems security. They often don't know what systems security means, how assets are protected, and how they are stolen or compromised.
There are no beat cops on the Internet.
Add to that a Congress whose knowledge of even basic systems infrastructure is non-existent and a secretary of state (and numerous predecessors) who had her own messaging systems, and the problem becomes huge. Rebuke, it seems, starts at the top.
To fight this cyber war, we need task forces and special private operations groups that look into such things as malicious spam payloads and bot-nets. And we need to put those criminals in jail.
I know it isn't cheap to hunt down cyber crooks, but we have to do this. And yes, despite my distaste for curing things by government, it's a common interest: national asset security and trust.
The bad guys are winning, and it's costing the economy loads and creating trust issues. And until we have public policy combined with appropriate funding to address the problem, the breaches will continue, until we've all been robbed.