Spending more doesn't necessarily work when tackling cyber-security issues, said Ilia Kolochenko, CEO and founder of High-Tech Bridge told the audience at today's FT Cyber-Summit.
Cyber-security is becoming big said Kolochenko as he began his brief presentation. The EU plans to spend US$2 (£1.5 billion) on cyber-security in the near future. The US government plans to spend US$9 billion (£7 billion). In the private sector, total venture capital investment has increased by 76 percent in 2015.
“Sounds like El Dorado,” said Kolochenko.
Cyber-crime is having a similar upswing. According to PwC, it's been increasing by 20 percent ever year since 2014. It has also been predicted that 81 percent of health organisations have been breached in cyber-attacks between 2013 and 2014. Ransomware attacks, according to Trend Micro, doubled in the first half of 2016.
At this point, it might do well to rehearse the old industry cliche of a breach not being a question of if but when. However, Kolochenko intervened, would you expect your bank to say that it's not a matter concerning it when you lose money out of your bank account?
That is, in effect, what's happening. Many think that adding new technologies and spending more money is somehow an effective way of protecting yourself. It's not and according to Kolochenko, it's a false economy.
Businesses should spend more time to consider what exactly it is that they need. Who, for example, is really going to attack you? What are they going after? And how are they going to get in?
“Most important problem we have today is that we don't have an overview of our digital assets,” Kolochenko told SCMagazineUK.com, “quite often because cyber-security companies try to advertise and exaggerate risks that are not appropriate”.
Quite a lot of new cyber-security companies are backed by venture capital firms who “aggravate the problem, saying that only ‘we' can solve the problem”.
Most attacks occurring today aren't due to overwhelmingly sophisticated adversaries but “because somebody forgot something obvious,” like not installing a security update.
Recent research from Gartner said that 99 percent of vulnerabilities exploited in cyber-attacks are not zero days.The mundane vulnerabilities are the most pressing. So concluded, Kolochenko, “keep it simple”.