Something’s going wrong with cyber security

Today at the Financial Times Cyber Security Summit in London, Ilia Kolochenko – chief executive officer and founder of High-Tech Bridge – held a talk about “why we still cannot stop cybercrime.”

In it, he laid bare an uncomfortable truth about cyber security: businesses and governments across the world are spending more on security, but are being hacked more than ever. “Something is very wrong,” he said.

A raft of statistics from multiple sources painted the picture. Worldwide information security spending will hit $170 billion by 2020, venture capitalists spent $3.3 billion in 2015 on cyber security startups, the EU is planning a $2 billion investment into cyber security research and the US is planning to spend $19 billion on the area.

But, despite this investment, the hackers are still coming out on top. A PwC report said that cyber crime has risen by 20 per cent every year since 2014. KPMG reported that 81 per cent of healthcare organisations have been compromised in the last year and, according to Trend Micro, ransomware has risen by 172 per cent in the first half of 2016.

And the list goes on: earlier this week Lloyd’s of London reported that nine out of ten European businesses have suffered a cyber attack in the last five years, and Gemalto revealed that there have been 15 per cent more data breaches in the first half of this year compared to 2015.

“As we compare cyber security and cyber crime we can definitely see that something is wrong,” Kolochenko said. “What many cyber security vendors are saying is that it’s not a question of if you will get hacked, but when you will get hacked. Now, can you imagine your bank saying it’s not a question of if I lose your savings but when I lose your savings?”

So, what’s going wrong? Obviously there is no simple answer, but one factor outlined by Kolochenko is that businesses are looking at cyber security the wrong way. Too often, he said, businesses are preoccupied with following the trends and purchasing tools and solutions just because that’s what everyone else is doing. Instead, businesses need to concentrate more on what is best for them. “Cyber security is about efficiency and effectiveness, not just acquiring new products,” and by identifying the risks “appropriate to the business,” organisations will be better placed to defend against attacks.

“There is too much of a focus on cure rather than prevention and often a lack of recognition of the importance of security at board level,” he continued, and a “limited willingness to adopt robust continuous monitoring of all systems using both security tools together with people skills, so that every boundary is patrolled and breaches prevented.”

“Cyber security is not rocket science.” By “doing the right things right” and keeping things simple, businesses will “have much more success fighting cyber crime.”
