Search
  • DigitalBank Vault

ENCRYGMA:" Cybersecurity is failing because the technology is not as effective as it needs to be"

Updated: Jul 5



www.ENCRYGMA.com

GO DARK.

USE ANYWHERE.

LEAVE NO TRACE

SuperEncrypted Communications


Cybersecurity is failing because the technology is not as effective as it needs to be


Cybersecurity is failing. Spend on cybersecurity is increasing every year (+58% over the past five years1), yet as the WEF has highlighted, business leaders still identify disruption from a cyberattack as one of the top 5 growing risks in 2020 (and while the exact numbers are contestable, the direction is clear).


A major cause of this failure is that the technology is not as effective as it needs to be, and this is the view shared by 90% of over 100 highly qualified research participants in this study. While there has been a strong focus on improving people and process-related issues in recent years, - which are also undoubtedly contributors to cybersecurity failings - technology problems have in some way been accepted as inevitable and the norm.


As one Chief Information Security Officer (CISO) put it, “we buy it, and then we cross our fingers and hope the technology will work”. Trust in cybersecurity technology to deliver on its promise is low. Without improving technology efficacy, cybersecurity will continue to fail. Participants in this research broadly agree that four characteristics are required to comprehensively define cybersecurity technology efficacy. These are the Capability to deliver the security mission (fit-for-purpose), Practicality in operations (fit-for-use), Quality of security build and architecture, and Provenance of the vendor and supply chain


Cybersecurity spending has risen 58% to £121bn over the last 5 years but this increase in spending hasn’t delivered a proportionate decrease in risk. Over the same 5-year period,

security breaches have actually increased by 67%, with the damage per victim organization

averaging $13m8 and as the WEF has highlighted, business leaders still identify disruption

from cyberattacks as one of the top 5 growing risks in 2020. As one global bank CISO put it

“customers being robbed is becoming normal. Everybody suffers ransomware now; it is also

normal. The risk has been accepted.”


Cybersecurity efficacy is dependent on the balance of enterprise defensive and attacker

offensive capabilities. It is commonly understood that defensive capabilities are a combination

of strategy (what to defend, how to defend; driven by risk governance), process (operational

approaches to security), people (security & IT staff, end-users) and technology (hardware and

software), as per exhibit 2. Unfortunately, 90% of interviewees in our research say there is an

efficacy problem with cybersecurity technology which compromises defenses and is partially

responsible for the continued success of attackers.





To be effective, cybersecurity solutions need to have the Capability to deliver the stated security mission (be fit-for-purpose), have the Practicality that enterprises need to implement, integrate, operate and maintain them (be fit-for-use), have the Quality in design and build to avoid vulnerabilities and negative impact, and the Provenance in the vendor company, its people and supply chain such that these do not introduce an additional security risk.


Cybersecurity attacks can be complex and may exploit multiple vulnerabilities in order to

succeed, but attackers are also often opportunistic. The opportunity is based on finding

weaknesses in technology and exploiting them before defenders are either aware of them

or have had a chance to address them. A lot of focus is placed on the human vulnerabilities

that enable successful attacks (such as clicking on links in phishing emails), but this research

highlights that technical vulnerabilities due to poor efficacy are also a major contributing factor

to successful attacks.



https://www.digitalbankvault.com/