Cybercriminals are innovating. New attack vectors — everything from fansmitter information stealing to the rise of smishing — have cybersecurity professionals struggling to keep up. It’s no surprise that many companies are investing heavily in innovation to both protect corporate networks and empower end users.

As noted by SC Magazine, however, a new business innovation study by Ponemon Institute found that efforts to think outside the box and the drive to keep the enterprise safe may be working at odds.

Business Innovation Study Bears Bad News

According to IT Pro Portal, there’s something very wrong with the state of cybersecurity. Despite the best efforts from organizations and IT professionals alike, successful attacks are on the rise. Security spending is expected to hit $170 billion by 2020, and the U.S. plans to shell out $19 billion on cybersecurity research.

Still, cybercrime is up 20 percent year over year. Additionally, 81 percent of health care agencies were compromised last year and ransomware incidents are up 172 percent so far in 2016. This is not good news.

Burning at Both Ends

The Ponemon Institute business innovation study revealed that companies are burning the candle at both ends trying to satisfy the demands for easier access and more direct user control without exposing the organization to undue risk.

Efforts to address the lack of necessary access controls and security safeguards limits the amount of time IT professionals have to innovate. At the same time, prematurely empowering users to manage access rights can open new security gaps.

Put simply, cybersecurity remains the industry’s problem child. More spending hasn’t fixed the issue, and efforts to sidestep the problem have only made it worse.

An Inextricable Link

So what’s the solution to this cybersecurity crisis? The Harvard Business Review pointed to improved executive buy-in. Security professionals must learn to make an effective business case for IT security not as a stopgap measure or cure all, but rather an integral part of a long-term corporate strategy. This nets critical monetary resources and helps shift corporate culture away from reactive defense to more proactive protection.

As noted by Federal Computer Week, meanwhile, efforts to improve cybersecurity may be best served by the recognition that IT modernization, improved security and innovation are inextricably linked. In other words, it’s not enough to give IT professionals free rein to innovate at the cost of security, nor can security budgets override the need for corporate creativity. Instead, the march toward a tech-driven future depends on a combination of these two outcomes. This create a symbiotic relationship that gives IT the room to create without abandoning control.

Ultimately, trying to out-innovate cybercriminals is a losing battle since they don’t contend with corporate culture or C-suite requirements. To achieve any meaningful progress against attackers, companies must create a kind of inextricable link between innovation and security. Where goes the box, so too goes its bulwark.

More from

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Deploying Security Automation to Your Endpoints

Globally, data is growing at an exponential rate. Due to factors like information explosion and the rising interconnectivity of endpoints, data growth will only become a more pressing issue. This enormous influx of data will invariably affect security teams. Faced with an enormous amount of data to sift through, analysts are feeling the crunch. Subsequently, alert fatigue is already a problem for analysts overwhelmed with security tasks. With the continued shortage of qualified staff, organizations are looking for automation to…

Worms of Wisdom: How WannaCry Shapes Cybersecurity Today

WannaCry wasn't a particularly complex or innovative ransomware attack. What made it unique, however, was its rapid spread. Using the EternalBlue exploit, malware could quickly move from device to device, leveraging a flaw in the Microsoft Windows Server Message Block (SMB) protocol. As a result, when the WannaCry "ransomworm" hit networks in 2017, it expanded to wreak havoc on high-profile systems worldwide. While the discovery of a "kill switch" in the code blunted the spread of the attack and newly…

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…