CybersecurityIT security spending grows, but confidence in cyber protection measures does not

In the CyberEdge Group’s 2015 Cyberthreat Defense Report, which looks at how organizations view the future of cyberthreats and these organizations’ current defenses, researchers found that while IT spending is increasing, confidence in the efficacy of cyber protection is declining.

In a survey of more than 800 IT security leaders and professionals, the report found that more than 70 percent of respondents’ networks had been breached in 2014 — a 62 percent increase from 2013. More troubling is that 52 percent of respondents predict that a successful cyberattack against their network would occur within the next twelve months.

Meanwhile cybersecurity spending will continue to increase, as 62 percent of respondents expect their security budgets to grow this year.

Of the ten categories of cyberthreats outlined in the survey, phishing/spear-phishing, malware, and zero-day attacks are considered by respondents to be the greatest threat to organizations. Denial of service attacks, watering hole attacks, and drive-by downloads are of least concern, as hackers get more sophisticated in their activities.

According toTechRepublic, a 2014 FireEye report concluded that 229 days is the average time it takes IT-security teams to discover that a company’s network has been breached. “Even more alarming, organizations only discover the breach themselves 33 percent of the time,” the report read.

Some organizations are now investing in offensive strategies such as those proposed by South Korean-based Cuvepia Inc. The company offers a monitoring program which sounds an alarm when it detects certain suspicious activity inside a network, such as a series of unauthorized logins. Under such a scenario, a response team can monitor a hacker as he moves inside the targeted system and then respond by cutting off the hacker’s connection, or trick the hacker into stealing empty files, before damage is done.

“Because hackers are in your palm, you can enforce any measures that you want,” said Kwon Seok-chul, Cuvepia’s chief executive and a member of an advisory board for South Korea’s cyberwarfare command.

It should be noted that installing Cuvepia’s least expensive monitoring program on 1,000 computers could cost roughly $410,000 for the first year. Dave Toomey, assistance vice president, Cyber Business at SRC, Inc., wrote in a statement to the Homeland Security News Wire that “while it may be feasible for large businesses to employ a team of experts outfitted with state of the art security tools to capture and confuse adversaries who have infiltrated company networks, the same can most likely not be said for the smaller businesses who play an equally important role in today’s global economy.”

The 2014 Sony Pictures hack was a wake-up call for many organizations, including small businesses, which had yet to consider their cyber vulnerabilities. “Cyber threats hit an all-time high in 2014, in terms of not only the number of breaches but their impact on all aspects of business. Who would have thought that we would see a time when a simple movie would spur attacks that forced an entire industry to publicly address the way it thinks about privacy, piracy, and geopolitical implications of the product it produces,” said Steve Piper, CEO of CyberEdge. Sony was unaware that its systems had been infiltrated by hackers until employee information was discovered on the Internet.

Security solutions will require teamwork, Toomey says, adding, “One of the biggest challenges facing companies today is knowing whether or not their infrastructure has been compromised.”

Security concerns are only going to increase as the number of Internet connected devices increase from fourteen billion today to fifty billion by 2020. “These are indeed dangerous times, but there is still cause for optimism as organizations take active steps to prepare for the unexpected. Welcome to the new reality,” Piper said.