Cybercriminals are winning: How companies can turn the tide

Image via Unsplash

As the digital realm expands and thrives, so too does the nefarious world of cybercrime. If current trends continue, the annual cost of cyberattacks is projected to skyrocket to $10.5 trillion by 2025 — a staggering 300% increase from 2015.

Faced with this ongoing cyber assault, organizations worldwide are expected to shell out $1.75 trillion on cybersecurity measures from 2021 to 2025, which represents 15% year-over-year growth. Yet even this may not be enough to combat the problem. A survey of 4,000 medium-size companies shows that threat volumes continue to double year over year.

It’s clear that today’s security paradigm is broken. At no time in history have organizations spent as much money as they are right now on cybersecurity to prevent bad things from happening. But at no time in history have more bad things happened to them than they are right now. In short, security leaders are losing the battle against cybercrime. Period.

The problem — one of the problems — is that many organizations continue to embrace cybersecurity tactics that are ineffective. One example is detection and response. I liken this tactic to a game of “whack-a-mole” because it involves constantly identifying and mitigating threats as they arise.

Just as in a game of whack-a-mole, in which the moles constantly pop out of different holes and the player must quickly hit them, cyber attackers are constantly finding new ways to infiltrate systems and steal sensitive information. As soon as one cyber threat is dealt with, a new one pops up. In some sense it is an asymmetric battle, as the attackers are motivated and funded to do harm, while defenders need to put effort and resources into counteracting them.

The human factor

Another problem is that today’s approach to cybersecurity typically involves a human who sets the security policies and then goes away. The moment those policies are set, they’re already out of date. The bad guys are constantly probing and doing reconnaissance to see how they can or can’t get through the defenses and they are constantly adjusting their tactics to improve their success rate.

The reality is that humans are fallible and they can make mistakes when setting security policies. The policies may be too strict, which can hinder productivity, or they may be not strict enough, which can leave the organization vulnerable to cyberattacks. What’s more, the threat landscape is constantly changing and what may have been a sufficient security policy yesterday may not be sufficient today or tomorrow. When humans set security policies and then go away, they are not actively monitoring and updating those policies to ensure they remain effective in the face of new threats.

That’s why organizations quickly run out of human runway and it’s why their infrastructure is quickly overloaded. Today’s technology is not designed to function in a manner that’s commensurate with the threat. It’s not as dynamic or as extensible as it needs to be.

A better approach

A more effective approach is proactive protection that leverages cyber threat intelligence to cut down the noise and make the defenders more efficient. With the rapid pace of cyber threats today, the window for responding to an attack can be short. This is especially true for fast-moving threats like malware outbreaks and network intrusions, which can cause significant harm if not promptly addressed. Real-time threat intelligence empowers security teams to take decisive action to mitigate the impact of a threat, such as blocking malicious traffic, isolating infected systems and deploying patches to fix vulnerabilities.

Today, organizations are ingesting 100% of the noise the internet throws at them. For example, a typical security analyst has to wade through hundreds of pages of security logs every day to assess current threat levels. That’s a ridiculous number of log reports to look at, most of which are not even actionable. They’re just noise. It’s like having a crowd of people screaming at the top of their lungs for an hour.

A real-time cyber intelligence approach can filter all that noise and give customers the actionable information they need. If a “known bad” is identified by the threat intelligence, it can cut off the threat before it even enters the network — making users almost invisible to the threat actor community.

Better still, the threat data can be updated every few minutes. This enables organizations to take control of their future by incorporating real-time cyber threat intelligence into their defense measures. This approach proactively shields organizations from 99% of the attacks that have been identified and mapped by the global threat-intelligence community. When that happens, organizations have a functional security team that can accomplish more at a fraction of the time and budget.

Inadequate cybersecurity measures can have serious consequences for companies. Organizations that continue to embrace ineffective cybersecurity tactics, such as the whack-a-mole approach mentioned earlier, risk being swallowed up in the ever-evolving threat landscape. A far more effective approach is proactive protection that leverages cyber threat intelligence to quickly identify and address potential threats. That’s how we’ll win the cyber battle once and for all.

Jess Parnell is Vice President of Security Operations at Centripetal.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.