Cyber-Security Evolves, but It Doesn’t Improve

Over the last few years, cyber-security has taken a quantum leap forward. Yet, despite remarkable improvements, things continue to get worse—and the risks escalate.

For example, a Ponemon Institute study notes that 35 percent of surveyed organizations are certain they have been the victim of a nation-state attack, and 75 percent of them are not currently equipped to detect or prevent nation-state attacks.

Another recent study by Neustar found that 50 percent of organizations have suffered a distributed denial of service (DDoS) attack, and 83 percent of these firms found themselves targeted repeatedly. Still another study conducted by ISACA found that 82 percent of cyber-security professionals believe an attack on their enterprise is “very likely,” while only 1 percent said it’s “not at all likely.”

Of course, consumers are in the crosshairs as well. Phishing attacks, drive-by malware downloads, over-the-air password and data theft, and various other maladies are now at epidemic levels. Regrettably, there appears to be no end in sight.

Amid all the chaos, there seems to be a never-ending stream of ideas and approaches for combating the problem. University researchers are conjuring up new and intriguing ways to protect digital assets. Meanwhile, private firms—such as former White House cyber-security advisor Paul Kurtz’s TruSTAR—are attempting to usher in a greater use of information sharing and open-source data repositories to battle the bad guys.

Shaun Murphy, creator of SNDR and a former government security consultant, believes that disposable email addresses are at least part of the answer. He explains that services such as Gmail, Outlook and Yahoo! allow users to generate an infinite number of alias addresses on demand for one-time use.

Meanwhile, Yahoo! is phasing out passwords altogether. It recently introduced a revamped app for iOS and Android that includes an “Account Key” that allows users to sign into email accounts by selecting a notification sent to their smartphones.

In addition, we have two-factor authentication and a dizzying array of other tools, strategies and techniques.

Of course, as with diet books, the proof that nothing succeeds completely is evident in the many different security strategies, methods and tools that exist. While all of them solve part of the problem some of the time—or address a small sliver of the overall risk—today’s cyber-security environment is far too complicated for any one person or IT department.

Unfortunately, the security discussion has now shifted from stamping out cyber-threats and malware to managing risk. It looks like the bad guys are winning.