September 22, 2016 By Douglas Bonderud 2 min read

Cybercriminals are innovating. New attack vectors — everything from fansmitter information stealing to the rise of smishing — have cybersecurity professionals struggling to keep up. It’s no surprise that many companies are investing heavily in innovation to both protect corporate networks and empower end users.

As noted by SC Magazine, however, a new business innovation study by Ponemon Institute found that efforts to think outside the box and the drive to keep the enterprise safe may be working at odds.

Business Innovation Study Bears Bad News

According to IT Pro Portal, there’s something very wrong with the state of cybersecurity. Despite the best efforts from organizations and IT professionals alike, successful attacks are on the rise. Security spending is expected to hit $170 billion by 2020, and the U.S. plans to shell out $19 billion on cybersecurity research.

Still, cybercrime is up 20 percent year over year. Additionally, 81 percent of health care agencies were compromised last year and ransomware incidents are up 172 percent so far in 2016. This is not good news.

Burning at Both Ends

The Ponemon Institute business innovation study revealed that companies are burning the candle at both ends trying to satisfy the demands for easier access and more direct user control without exposing the organization to undue risk.

Efforts to address the lack of necessary access controls and security safeguards limits the amount of time IT professionals have to innovate. At the same time, prematurely empowering users to manage access rights can open new security gaps.

Put simply, cybersecurity remains the industry’s problem child. More spending hasn’t fixed the issue, and efforts to sidestep the problem have only made it worse.

An Inextricable Link

So what’s the solution to this cybersecurity crisis? The Harvard Business Review pointed to improved executive buy-in. Security professionals must learn to make an effective business case for IT security not as a stopgap measure or cure all, but rather an integral part of a long-term corporate strategy. This nets critical monetary resources and helps shift corporate culture away from reactive defense to more proactive protection.

As noted by Federal Computer Week, meanwhile, efforts to improve cybersecurity may be best served by the recognition that IT modernization, improved security and innovation are inextricably linked. In other words, it’s not enough to give IT professionals free rein to innovate at the cost of security, nor can security budgets override the need for corporate creativity. Instead, the march toward a tech-driven future depends on a combination of these two outcomes. This create a symbiotic relationship that gives IT the room to create without abandoning control.

Ultimately, trying to out-innovate cybercriminals is a losing battle since they don’t contend with corporate culture or C-suite requirements. To achieve any meaningful progress against attackers, companies must create a kind of inextricable link between innovation and security. Where goes the box, so too goes its bulwark.

More from

Black Friday Chaos: The Return of Gozi Malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America.The Black Friday connectionBlack Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity and often…

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today