Blog We Spend Billions on Information Security, So Why do Companies Continue to get Owned?


July 17, 2019 Category: Innovation By: Gregory Webb Comments: 0

We Spend Billions on Information Security, So Why do Companies Continue to get Owned?

Back in 2013, General Keith Alexander of US Cyber Command sounded an alarm at a cybersecurity conference, alerting corporations and government agencies of an increased threat of cyberattacks. He called the billions of dollars in intellectual property flowing out of the country “the greatest transfer of wealth in history” and warned that unless we do something, the consequences would only intensify. “Mark my words,” he continued, “it’s going to get worse. The disruptive and destructive attacks on our country will get worse and if we don’t do something, the theft of intellectual property will get worse.”

Six years later, General Alexander’s warning rings truer than ever. It’s no longer “if” a breach is going to happen, it’s “when”, with thousands of companies getting hacked every year, compromising hundreds of millions of sensitive records and costing organizations millions in remediation and recovery efforts. According to Cybersecurity Ventures, cybercrime damages are expected to rise to $6 trillion annually by 2021 – a doubling from $3 trillion in 2015.

So, what’s being done about it? Ironically, as the number and severity of attacks continue to rise, so does the amount of money companies and governments spend on cybersecurity. According to new Gartner research, spending on information security will exceed $124 billion by the end of 2019. And yet, despite billions spent on detection, the greatest transfer of economic wealth in history is still going on. We can do better!

Detection-based tools alone can’t protect against polymorphic malware

It’s clear that simply throwing more money and resources at the problem is not solving the crisis. It’s time for organizations to fundamentally re-examine their approach to security, find out why their current tools still fail to protect, look beyond compliance and detection, and invest in innovative protection solutions that puts them strategically ahead of the attackers.

Most of today’s malware attacks are not sophisticated or targeted exploits created by state-sponsored hacking groups or highly organized criminal syndicates. They’re often opportunistic attempts orchestrated by petty criminals with the help of abundant hacking services and readily-available components available on the dark net. Yet these attacks continue to successfully, and rather easily, penetrate detection-based defenses by becoming polymorphic – constantly changing