The great contradiction in cybersecurity today is that the more enterprises spend on their security and risk controls, the less sure they are that it will all work as advertised.
Year after year, organizations invest more and more into detection systems, response systems, event management systems, firewalls, secure web gateways, and more. Despite this increased spending, the cost of cybercrime continues to outpace investments in enterprise security and risk products.
The more layers of new security technology that are added, the harder it is to cut through the noise. CISOs and analysts on the ground struggle to answer basic questions because as things stand, security is still largely a guessing game.
Too many organizations today govern risk management actions and investments by gut instinct and fear rather than by facts based on empirical evidence. That’s got to change.