June 15, 2015 — Companies are spending more on cyber-security, but many firms believe hackers are gaining the upper hand, said a RAND Corporation study released last week.
Worldwide, spending on cyber-security has reached nearly $70 billion a year, and it’s been growing by 10 percent to 15 percent a year for the past several years, according to the study by RAND researcher Martin Libicki and other officials at the Santa Monica-based think tank.
“Companies that didn’t even have a chief information security officer five years ago have one now, and CEOs are more likely to listen to them,” Libicki said in the report released Wednesday.
“Core software is improving, and new cyber-security products continue to appear, which is likely to make a hacker’s job more difficult and expensive.”
At the same time, however, many chief information security officers believe that hackers “may gain the upper hand two to five years from now,” which will require a new range of tools to prevent cyber attacks, according to RAND.
“Organizations need to determine what needs to be protected and how badly, including what machines are on a company’s network, what applications are running and what privileges have been established,” officials said.
Libicki and fellow researchers created a framework that shows how companies have struggled to minimize the cost arising from cyberspace insecurity over a 10-year period, RAND officials said.
“Those costs include the losses from cyberattack, the direct costs of training users, and the direct cost of buying and using cyber safety tools,” officials said.
Researchers interviewed 18 chief information security officers for the study and looked at the “burgeoning world” of cyber-security products. They also looked at the relationship between software quality and the methods hackers employ to discover software vulnerabilities, RAND officials said.
Researchers then used the information to create the model that sheds light on the relationship between the cyber-security measures companies choose and the cost of confronting cyber-attacks, said officials.
Their study, “The Defender’s Dilemma: Charting a Course Toward Cybersecurity,” is available online at www.rand.org.
“Companies know what they spend on cyber-security, but quantifying what they save by preventing malicious attacks is much harder to tally,” said Lillian Ablon, who co-authored the study.
Because the methods hackers employ are shrouded in secrecy, even experts aren’t sure of all the ways malicious hackers can infiltrate systems. In addition, businesses do not readily disclose their safety measures, said RAND officials.
“Cyber-security is a continual cycle of trying to eliminate weaknesses and out-think an attacker,” said Ablon. “Currently, the best that defenders can do is to make it expensive for the attackers in terms of money, time, resources and research.”
View the original content and more from this author here: http://ift.tt/1IWQ6Yt