Researchers continue to conduct studies in efforts to stimulate more intelligent decision-making in the cybersecurity arena, as statistics related to the frequency and damages of breaches have become more disheartening in the past few years. However, it is up to the decision-makers on the ground-level of the private sector to actually initiate changes in their protective measures, and this has appeared to be a relatively slow movement compared to the proliferation of threats.
Industries and regions from around the globe have been commonly dumbfounded by the sheer breadth and sophistication of attacks, which has been evidenced by the increasing investment in security provisions without much of an impact on the actual performance of those tools. Many companies continue to use outdated or completely antiquated security controls that are not capable of protecting systems and data from the threat of hackers and other malicious entities.
In the coming years, many expect organizations to begin leveraging more advanced access management solutions such as multi-factor authentication to better combat the modern cybercriminal. However, this needs to occur soon, as a wealth of research indicates that the cost of breaches on the global scale is reaching into the billions of dollars, further hindering economic growth in many nations.
A comprehensive report
PricewaterhouseCoopers recently released its 2014 U.S. State of Cybercrime Survey, which was conducted along with the help of the U.S. Secret Service, CSO Magazine and Carnegie Mellon University's CERN Division of the Software Engineering Institute. The report found that despite the fact that 77 percent of organizations experienced at least one security event in the past 12 months, and more than a third have seen an increasing frequency of events, fewer than 40 percent of the respondents have actually incorporated mechanisms to intelligently mitigate threats.
Provisioning and planning are critically important aspects of cybersecurity, and this also appears to be where organizations are significantly behind. The survey revealed that 69 percent of decision-makers believe that the threat of hacking and other security events could impact their growth prospects, while the average rate of incidents was 135 per business studies in the past 12 months alone.
"Despite substantial investments in cybersecurity technologies, cyber criminals continue to find ways to circumvent these technologies in order to obtain sensitive information that they can monetize," Ed Lowery, Special Agent in Charge, Criminal Investigative Division, U.S. Secret Service, affirmed. "The increasing sophistication of cyber criminals and their ability to circumvent security technologies indicates the need for a radically different approach to cybersecurity: A balanced approach that, in addition to using effective cybersecurity technologies, develops the people, processes, and effective partnerships in order to strategically counter cybersecurity threats."
The researchers went on to note that the key deficiencies seen on a massive scale included a lack of risk assessment, inadequate attention to insider threats, poor strategic oversight of security-related purchases and far lower employee training and awareness program frequency than would be desired.
Making the most of the budget
One of the tricks to remember in the modern cybersecurity arena is that overly complex or extraneous investments will not come with strong returns, and that more advanced and effective ones are where the competitive advantage comes into play. Companies continue to deploy advanced technological strategies to modernize their operations and drive success, but are notably behind in terms of protecting those assets from a variety of threats.
Multi-factor authentication solutions are among the most advanced and effective access management controls available on the market today. Instead of continuing to invest in security software and systems that do not work, businesses must realize that it is time for a changing of the guards.