
Carbon Black: Encryption and firewalls are not working

With cyber criminals now outspending defenders by 10 to one, should customers end their dependency on traditional security?

Spending on cybersecurity is now being dwarfed by the investments cybercriminals are making into creating their attacks.

That's according to security vendor Carbon Black, which released a report in September warning that cybercriminals are spending approximately $1 trillion annually on developing a cyber attack arsenal. In comparison, organisations are devoting only about $96 billion to shoring up their defences, meaning attackers are outspending defenders by a ratio of more than 10 to 1.

The findings also show that 92% of UK companies have been breached in the last 12 months and almost half (44%) have been breached between three and five times. Moreover, the frequency of cyber attacks has risen, with 82% of firms reporting an increase in attempted attacks against their organisations during the past year.

Perhaps more startling is that 91% of UK businesses say attacks are becoming more sophisticated, leveraging techniques such as lateral movement, counter incident response, and island hopping.

So, is there anything that a managed security service provider (MSSP) can do in the face of these seemingly overwhelming odds?

Tom Kellerman, Carbon Black's chief cybersecurity officer and former member of the Cybersecurity Commission under President Obama, says MSSPs must look beyond traditional security solutions like antivirus and firewalls, which are "not working."

"They need to move away from a dependency on encryption and firewalls and leverage things like next-gen IPS [intrusion-prevention systems], EDR [endpoint detection and response] systems, two or three-factor authentication and deception technology," Kellerman tells Channel Pro.

In this respect, MSSPs need to "practice what they preach" to help their customers, he adds.

"They should secure their systems like they do their customers; many of them don't. They need to begin that exercise by conducting their own hunt for compromised systems so there's no adversary inside their walls before they lock them down."

When asked if there is any point implementing stringent security policies for customers when the problem of Shadow IT and the unsanctioned downloading of business applications is rampant within many businesses, Kellerman says the MSSP should consider things like application control.

"I think it's important to educate customers, but I think in the long run, if the customer isn't willing to learn, they must follow a policy of application control. In certain circumstances, your most sensitive servers and operations should just be controlled. Application control is difficult, but if you apply it properly it should only create a very secure experience," he says.

It's not all bleak, though. Two-thirds of UK organisations surveyed said they have proactively conducted threat hunting in the past year to help mitigate the damage cyber attacks can cause. Of those companies, more than 90% said it had strengthened their defences as a result.

In addition, the findings from Spiceworks' annual 2019 State of IT Budgets report show that large enterprises, typically with more data and devices to lock down, are primarily increasing budgets due to growing security concerns.

"With more employees to target, larger organisations recognize the importance of boosting budgets to protect against phishing attacks and avoid potentially crippling malware," it notes.
