Rip it up and start again? Why does cybersecurity appear to be failing?

Possible conflict between CIOs and CISOs creating vulnerabilities

"Personally, I want to say I am sorry that this happened," wrote Charles Brown, president and CEO of Canadian healthcare testing and diagnostics company LifeLabs. Brown was writing an open letter following a breach of the company's IT systems and potential loss of records impacting 15 million customers. It's the latest in a sorry line of breaches and yet over the past 18 months enterprises have had access to more sophisticated security tools and apps than ever before, so what is wrong? Why does cybersecurity seem to be failing?

As we begin the new year, there is understandable concern as to what 2020 will bring in the shape of cybersecurity threats and breaches. What is almost inevitable is that there will continue to be significant problems, fuelled as much by human error as by the hacking skills of cybercriminals. So, why are businesses and public sector bodies still being breached so regularly? Shouldn't the security industry be doing more?

According to Orion Hindawi, CEO and co-founder of Tanium, the security industry is in a state of flux. He admits that last year he thought we were going to see mass consolidation through acquisitions, but now he thinks that consolidation will come through bankruptcies. Much of this, he says, is down to the "millions of little companies that are saying that they cure cancer and launch the space shuttle and do all these amazing but somewhat nonsensical things."

The problem is that this creates confusion and, to a certain extent, a split in vision between CIOs and CISOs. Hindawi believes 2020 will (and should) see a shake-out. Customers, he says, are demanding simplification.

"I think that the market is overheated to the point where now it's not going to be a soft landing," he says. "Now, we may end up in a situation where a lot of these companies just legitimately disappear. I think a lot of our customers are starting to get to the point where they've hit saturation on the number of different voices that are screaming in their ears. Customers are tuning out."

Strained relationships

So, what does this mean in terms of protection? Are organisations leaving gaps in defences? Hindawi insists organisations are not just leaving their defences open; they are also not addressing some of the key issues that are leading to all of the breaches and problems we have seen over the past 12 months.
