John Chambers, ex-CEO of Cisco, once said that there are two types of companies: those who have been hacked and those who don’t yet know they have been hacked. Consider, for a moment, the following statistics:
• There were 783 major breaches in 2014
• This represents a 30% increase from 2013
• Median number of days before detection: 205
• Average number of systems accessed: 40
• Valid credentials used: 100%
• Percentage of victims notified by external entities: 69%
Large enterprises are finally coming to the conclusion that security vendors and their solutions are failing them. Despite the unbelievable growth in enterprise security spend, organizations are not any safer.
And security attestations like PCI and HIPAA, while helping with compliance, do not equate to a stronger security posture.
Don’t believe it? Take a look at the recent announcement from Netflix where they indicated they are dumping their anti-virus solution. And because Netflix is a well-known innovator in the tech space, and the first major web firm to openly dump its anti-virus software, others are likely to follow.
Even the federal government is jumping into this security cesspool. In a recent U.S. appellate court decision, the Federal Trade Commission (FTC) was granted authority to regulate corporate cybersecurity. This was done because the market has failed and it was necessary for the government to intervene through public policy (i.e. regulation or legislation).