We do a lot of work for IT security clients and the numbers they share with us about attacks and monetary losses numb the brain. The money spent by corporate America to maintain some semblance of protection and to fend off cyber attacks is astronomical. If you’re reading this, you know what we mean. Still, the attacks and the cost of defending yourself grow unabated. What’s going on here?
One of these clients who does big work for big brands told us recently that a perception of low return on their security dollar has created a growing, board-level frustration and alarm within these companies. “They question the ROI on the hundreds of millions of dollars invested in IT defenses and they have every right to be pissed,” he said. Of course, our clients have a vested interest in encouraging the upgrade of aging defenses so easily overcome by wily, super-smart and well-financed cyber-criminals today.
Computer security is a multi-billion industry employing some of the most brilliant technologists in the world. They labor relentlessly to stay a step ahead of the bad guys who, just like terrorists, only have to be successful once, while techno-sleuths and defenders must succeed 100% of the time. Yet, even in the breaches that merit the bigget headlines, most of the time the crooks used ridiculously simple methods to break in. In other words, many organizations are overlooking basic precautions even as their security systems grow more complex and expensive. Just like street crime, bad guys preyed on victims of opportunity.
Like muggers, Cyber-attackers scan for companies who may not be properly utilizing the defenses they have or whose passwords fail the tough-to-guess test. To us in the business of marketing some truly amazing preventive technology, this is an eye-opener. Here’s hoping they can open more corporate-security eyes as well. The chain around the company’s digital assets is only as strong as the weakest link. And the bad guys go straight to it.