Companies making cybersecurity a greater priority, but hackers may still be gaining

Published 12 June 2015

Companies are spending increasing amounts on cybersecurity tools but are not convinced their data is truly secure, and many chief information security officers believe that attackers are gaining on their defenses, according to a new RAND Corporation study.

Charting the future of cybersecurity is difficult because so much is shrouded in secrecy: no one is entirely certain of all the methods malicious hackers use to infiltrate systems, and businesses do not want to disclose their safety measures, according to the report.

A RAND release reports that while worldwide spending on cybersecurity is close to $70 billion a year and growing at 10 percent to 15 percent annually, many chief information security officers believe that hackers may gain the upper hand two to five years from now, requiring a continual cycle of development and implementation of stronger and more innovative defensive measures.

“Despite the pessimism in the field, we found that companies are paying a lot more attention to cybersecurity than they were even five years ago,” said Martin Libicki, co-lead author of the study and senior management scientist at RAND, a nonprofit research organization. “Companies that didn’t even have a chief information security officer five years ago have one now, and CEOs are more likely to listen to them. Core software is improving and new cybersecurity products continue to appear, which is likely to make a hacker’s job more difficult and more expensive.”

The RAND study draws on interviews with eighteen chief information security officers and details the burgeoning world of cybersecurity products. It also reviews the relationship between software quality and the processes used to discover software vulnerabilities. Insights from these elements were used to develop a model that can shed light on the relationship between organizational choices and the cost of confronting cyberattacks.

“Companies know what they spend on cybersecurity, but quantifying what they save by preventing malicious attacks is much harder to tally,” said Lillian Ablon, co-lead author of the report and a researcher at RAND. “In addition, malicious hackers can be extremely sophisticated, so costly measures to improve security beget countermeasures from hackers.

“Cybersecurity is a continual cycle of trying to eliminate weaknesses and out-think an attacker. Currently, the best that defenders can do is to make it expensive for the attackers in terms of money, time, resources and research.”