Cyber risk is growing at a faster rate than investment in cybersecurity. However, the problem isn’t with the buyer, it’s the cybersecurity industry as a whole that suffers from a negative return on investment.
Speaking on the first day of the ITWeb Security Summit in Johannesburg yesterday, Jason Oehley, regional sales director for Arctic Wolf, said:
“We know IT and security leaders are trying to do the right thing. They invest money, time and energy to protect themselves. There are security companies to choose from, and with nearly $170 billion spent on them at an 11% year-over-year growth rate, the problem doesn’t seem to be on the buyer’s side.
The industry has a negative return on investment.
“As an industry, we have a negative return on investment. Something has to change. Security operations are the way to break this cycle.”
Security Operations (SecOps) is the close collaboration between security and operations teams within an organization to better manage cybersecurity threats and incidents.
Orley said cybersecurity tools and technologies are important and necessary, but they are not enough.
“Technology must be purpose-built to be paired with extraordinary talent. The two, combined and working together, are proven means of reducing likelihood and impact to actually reduce risk.” Having broad visibility is critical in today’s threat landscape.”
Most data breaches that hit organizations occur in the cloud.
Oehley mentioned IBM’s recent breach costs. reportfound that 45% of breaches occurred in the cloud, giving examples of such cyberattacks.
Medibank and Uber’s primary compromise is where attackers obtain compromised credentials, possibly from the dark web or early access brokers, and enter the network from there via software associated with account credentials. It started with
He added that Uber’s secondary compromise was through a third-party vendor that accessed Amazon Web Services’ backup servers containing UberX employee records.
“This means that external risks and identity-centric vectors of intrusion are significant threats to organizations.”