Cybercriminals are innovating. New attack vectors — everything from fansmitter information stealing to the rise of smishing — have cybersecurity professionals struggling to keep up. It’s no surprise that many companies are investing heavily in innovation to both protect corporate networks and empower end users.

As noted by SC Magazine, however, a new business innovation study by Ponemon Institute found that efforts to think outside the box and the drive to keep the enterprise safe may be working at odds.

Business Innovation Study Bears Bad News

According to IT Pro Portal, there’s something very wrong with the state of cybersecurity. Despite the best efforts from organizations and IT professionals alike, successful attacks are on the rise. Security spending is expected to hit $170 billion by 2020, and the U.S. plans to shell out $19 billion on cybersecurity research.

Still, cybercrime is up 20 percent year over year. Additionally, 81 percent of health care agencies were compromised last year and ransomware incidents are up 172 percent so far in 2016. This is not good news.

Burning at Both Ends

The Ponemon Institute business innovation study revealed that companies are burning the candle at both ends trying to satisfy the demands for easier access and more direct user control without exposing the organization to undue risk.

Efforts to address the lack of necessary access controls and security safeguards limits the amount of time IT professionals have to innovate. At the same time, prematurely empowering users to manage access rights can open new security gaps.

Put simply, cybersecurity remains the industry’s problem child. More spending hasn’t fixed the issue, and efforts to sidestep the problem have only made it worse.

An Inextricable Link

So what’s the solution to this cybersecurity crisis? The Harvard Business Review pointed to improved executive buy-in. Security professionals must learn to make an effective business case for IT security not as a stopgap measure or cure all, but rather an integral part of a long-term corporate strategy. This nets critical monetary resources and helps shift corporate culture away from reactive defense to more proactive protection.

As noted by Federal Computer Week, meanwhile, efforts to improve cybersecurity may be best served by the recognition that IT modernization, improved security and innovation are inextricably linked. In other words, it’s not enough to give IT professionals free rein to innovate at the cost of security, nor can security budgets override the need for corporate creativity. Instead, the march toward a tech-driven future depends on a combination of these two outcomes. This create a symbiotic relationship that gives IT the room to create without abandoning control.

Ultimately, trying to out-innovate cybercriminals is a losing battle since they don’t contend with corporate culture or C-suite requirements. To achieve any meaningful progress against attackers, companies must create a kind of inextricable link between innovation and security. Where goes the box, so too goes its bulwark.

More from

Despite Tech Layoffs, Cybersecurity Positions are Hiring

4 min read - It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions are still very much in demand. Cybersecurity professionals are landing jobs every day, and IT professionals from other roles may be able to transfer their skills into cybersecurity relatively easily. As cybersecurity continues to remain a top business priority, organizations will…

4 min read

How I Got Started: White Hat Hacker

3 min read - White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately helping organizations bolster their digital defenses. But what drives someone to pursue a career as a white hat hacker, and how do you get started in leveraging so-called “evil” skills for the greater good?? In this exclusive Q&A, we spoke with…

3 min read

Heads Up CEO! Cyber Risk Influences Company Credit Ratings

4 min read - More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating. Credit rating agencies continuously strive to gain a better understanding of the risks that companies face. Today, those agencies increasingly incorporate cybersecurity into their credit assessments. This allows agencies to evaluate a company’s capacity to repay borrowed funds by factoring in the risk of cyberattacks. Getting Hacked Impacts Credit Scoring As per the Wall Street Journal…

4 min read

Zombie APIs are a Top Security Concern as API Attacks Surge 400%

4 min read - Organizations of all sizes rely on application programming interfaces (APIs). The API explosion has been driven by several factors, including cloud computing, demand for mobile/web applications, microservices architecture and the API economy as a business model. APIs enable developers to access data remotely, integrate with other services, build modular applications and monetize their data/services. For enterprises that participated in a recent research study, the average number of APIs per organization was 15,564. Large enterprises (over 10,000 employees) had an average…

4 min read