Page 40 - Cyber Defense eMagazine forJune 2021
P. 40
It grew fast
Few people understood or appreciated the potential behind the early internet. With the release of the first
web pages and web browsers, people were able to buy products, and email began to replace fax
machines. Soon, everyone who knew or understood what it could do wanted to connect, and they did.
The thought of helping companies become secure was not a priority. Building and expanding the reach
to the digital doorway of connectivity was the goal. Security was often added as an afterthought and
optional, leaving many opportunities for bad actors to take advantage of an unsuspecting, naive
audience. As the internet grew, many hackers went from being from being curious digital explorers to
become professional criminals focused on financial or political gains.
Wall Street financed the growth
Since the mid-1990s, investors have poured trillions of dollars to expand the growth of the internet. As of
February 2021, the 10 largest internet companies have a market cap of over $4.4 trillion. Companies
were financed to expand the reach of the internet into all parts of the global economy and rewarded with
rich valuations. The term, “build it and they will come,” became very popular. Capitalism incented the
rapid expansion until the entire economy became an Internet of Things (IOT).
False perception: Little return on investment (ROI) for security
Unlike other technology budget items C-level executives are asked to make, it is challenging to calculate
a ROI for cybersecurity. Since it is difficult to approve a negative spend on an intangible line item, and
no amount of expense can guarantee a network’s safety, it is often all too easy to put off security
spending. This complacency can lead to reduced protection, increasing the likelihood of
an opportunistic attack on what cyber miscreants will see as a soft target.
When a company decides to invest in a cybersecurity solution, it may seem easier to go with a brand
name or well-known product. Leaders today do not see cybersecurity as a risk, because it is an unknown
or most times do not understand it. When executives finally realize it is a possible threat or they have
been breached, they immediately reach for help and want a known entity to solve the problem. In reality,
many of the most seasoned cyber professionals -- those that can best help secure their networks --
operate their own relatively small consultancy and are off their radar.
Missing: culture of security
Few outside the relatively small world of cybersecurity truly understand the real risks or are even aware
of them. Many individuals and even business leaders think that they are generally safe online. Believing
that by avoiding “bad” websites and not clicking on obvious phishing emails, they are relatively secure.
We have faith in our institutions and IT teams and believe they will protect us. While IT professionals are
experts in their field, they often lack the training and practical experience to compete against highly
motivated cyber criminals. While some IT professionals are experts at building and maintaining networks,
some do not think like a criminal or how someone from the outside might enter their network. They may
be experts at IT, but they may not be the most qualified to protect their environments from external
threats.
Cyber Defense eMagazine – June 2021 Edition 40
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.