Carbon Black: Encryption and firewalls are not working


Spending on cybersecurity is now being dwarfed by the investments cybercriminals are making into creating their attacks.

That's according to security vendor Carbon Black, which released a report in September that warned cybercriminals are spending approximately $1 trillion annually on developing a cyber attack arsenal. In comparison, organisations are only devoting about $96 billion on shoring up their defences – meaning attackers are outspending defenders by a ratio of more than 10 to 1.

The findings also show that 92% of UK companies have been breached in the last 12 months and almost half (44%) have been breached between three and five times. Moreover, the frequency of cyber attacks has risen, with 82% of firms reporting an increase in attempted attacks against their organisations during the past year.

Perhaps more startling is that 91% of UK businesses say attacks are becoming more sophisticated, leveraging techniques such as lateral movement, counter incident response, and island hopping.

So, is there anything that a managed security service provider (MSSP) can do in the face of these seemingly overwhelming odds?

Tom Kellerman, Carbon Black's chief cybersecurity officer and former member of the Cybersecurity Commission under President Obama, says MSSPs must look beyond traditional security solutions like antivirus and firewalls, which are "not working."

"They need to move away from a dependency on encryption and firewalls and leverage things like next-gen IPS [intrusion-prevention systems], EDR [endpoint detection and response] systems, two or three-factor authentication and deception technology," Kellerman tells Channel Pro.

In this respect, MSSPs need to "practice what they preach" to help their customers, he adds.

"They should secure their systems like they do their customers; many of them don't. They need to begin that exercise by conducting their own hunt for compromised systems so there's no adversary inside their walls before they lock them down."

When asked if there is any point implementing stringent security policies for customers when the problem of Shadow IT and the unsanctioned downloading of business applications is rampant within many businesses, Kellerman says the MSSP should consider things like application control.

"I think it's important to educate customers, but I think in the long run, if the customer isn't willing to learn, they must follow a policy of application control. In certain circumstances, your most sensitive servers and operations should just be controlled. Application control is difficult, but if you apply it properly it should only create a very secure experience," he says.

It's not all bleak, though. Two-thirds of UK organisations surveyed said they have proactively conducted threat hunting in the past year to help mitigate the damage cyber attacks can cause. Of those companies, more than 90% said it had strengthened their defences as a result.

In addition, the findings from Spiceworks' annual 2019 State of IT Budgets report shows that large enterprises, typically with more data and devices to lock down, are primarily increasing budgets due to growing security concerns.

"With more employees to target, larger organisations recognize the importance of boosting budgets to protect against phishing attacks and avoid potentially crippling malware," it notes.

Christine Horton

Christine has been a tech journalist for over 20 years, 10 of which she spent exclusively covering the IT Channel. From 2006-2009 she worked as the editor of Channel Business, before moving on to ChannelPro where she was editor and, latterly, senior editor.

Since 2016, she has been a freelance writer, editor, and copywriter and continues to cover the channel in addition to broader IT themes. Additionally, she provides media training explaining what the channel is and why it’s important to businesses.