By Simon Crosby, Co-founder & CTO, Bromium
In the blink of an eye, 2015 is almost over. When looking back at it and what it meant for the cybersecurity industry, this year has been predictably busy. We saw large acquisitions, including those of EMC by Dell and Websense by Raytheon, while companies such as Rapid7 and Sophos went public. Large funding rounds were a near weekly occurrence, and as a result the sector raised more than $2.3 billion within the first nine months.
Cybersecurity spending increased sharply and by the end of the year should finish at around US$80 billion, according to Gartner’s estimates. While the U.S. House and Senate continued to debate cybersecurity legislation, US government agencies amassed a whopping security budget of $12.5 billion, collectively.
There were unforgettable breaches — like TalkTalk, Hilton, and Carphone Warehouse, although the sexiest headlines went to the Ashley Madison breach. There also were countless daily reports of breaches due to “sophisticated attacks” and resulting losses from companies whose infrastructure — despite all the spending — remained woefully vulnerable. Even United States President Barack Obama stepped into the fray, cementing an agreement with China in the hope of limiting the scope of nation-state hacking. Good luck with that!
Looking back, it’s painfully clear that while we may not have known then the names and faces of the victims, or the numbers behind the M&A, funding, budget and breach news, most of this was predictable in 2014. So will next year be any different, or are we doomed to repeat the past, yet again?
Unfortunately in most respects, 2016 won’t change much: users will still unknowingly click on malicious links; IT departments will still be bad at staying up to date with patching; the bad guys will continue to attack; and the tide of misery from breaches will persist. What matters most is whether your organisation will be a victim or not. Of course you could do nothing, and be lucky. But the only way to control your fate is to lead your organisation to the high ground based on a well-considered, security-first strategy.
It is important to remember that, despite their claims, most security vendors cannot help you. Within the market we see too many “me too” vendors, who’s main focus in on the staple of detection. Within the endpoint security sector alone, over 40 vendors are bringing to market a feature set that Gartner terms “EDR,” or endpoint detection and response. The sole goal of this is to help find a breach in progress — provided you know what to look for in the first place. Despite vendor claims, detection can’t protect you, and it isn’t advancing much, even when disguised as artificial intelligence (AI). In a world of adaptive, intelligent attackers, even the best AI technologies have a tendency to make masses of mistakes. In fact, Ponemon estimates that a typical large enterprise spends up to 395 hours per week processing false alerts — approximately $1.27 million per year.
Of course, security (still) won’t be solved inside the Beltway. Year after year, public sector companies hang their hats on the hope that cybersecurity legislation will somehow do the trick. This year was no different. You may recall recall that CISA and the Wassenaar Agreement both sparked industry-wide debates around data security, civil liberties, privacy and exploit controls. There is no doubt that security is a serious issue and a hard problem to solve, but it’s one that is not going to be solved by governments. . Much like healthcare, security is a systematic problem that requires more than a band-aid or firewall to fix. Security legislation will require government collaboration that it is simply unrealistic to expect at this current time. .
It is also important to remember that the same vendors that promise to secure you still won’t be held accountable for breaches. PwC predicts that the cyber insurance market will triple in the next five years. While insurance will do little for the peace of mind or job stability for CISOs whose companies experience a breach, it will hopefully force organisations to take a long, hard look at the cost of their continued insecurity. It’s time for you to force your vendors to be accountable instead. If a vendor claims to secure your network, force them to accept liability if your organisation is breached. Pay your endpoint security vendors based on the value they deliver. Free is a good option when regulations demand the functionality, but the vendors fail to protect you. Force your vendors to put their money behind their marketing messages. Greater accountability means greater drive for cybersecurity technologies that do what they claim to do and actually help to mitigate threats.
My recommendation: Instead of relying on post-hoc analysis in the hope of spotting a breach, your focus in 2016 should be on adopting solutions that make your infrastructure more secure by design, to prevent a breach before it starts. Move to the cloud. Adopt micro-segmentation and micro-virtualisation. And upgrade to the latest operating systems.
I don’t think we’ll see an end to data breaches in the near future, but if organisations stop relying on faith in marketing claims and government and being complacent and start questioning the status quo and demanding answers and accountability from vendors, we’ll be able to see many of the breach news headlines disappear.
Sunak to use budget to expand apprenticeships in England
LONDON (Reuters) – British finance minister Rishi Sunak will announce more funding for apprenticeships in England when he unveils his budget next week, the government said on Friday.
Employers taking part in the Apprenticeship Initiative Scheme will from April 1 receive 3,000 pounds ($4,179) for each apprentice hired, regardless of age – an increase on current grants of between 1,500 and 2,000 pounds depending on age.
The scheme will extended by six months until the end of September, the finance ministry said.
Sunak will also announce an extra 126 million pounds for traineeships for up to 43,000 placements.
Sunak’s March 3 budget will likely include a new round of spending to prop up the economy during what he hopes will be the last phase of lockdown, but he will also probably signal tax rises ahead to plug the huge hole in the public finances.
Sunak is also expected to announce a “flexi-job” apprenticeship scheme, whereby apprentices can join an agency and work for multiple employers in one sector, the finance ministry said.
“We know there’s more to do and it’s vital this continues throughout the next stage of our recovery, which is why I’m boosting support for these programmes, helping jobseekers and employers alike,” Sunak said in a statement.
(Reporting by Andy Bruce, editing by David Milliken)
UK seeks G7 consensus on digital competition after Facebook blackout
LONDON (Reuters) – Britain is seeking to build a consensus among G7 nations on how to stop large technology companies exploiting their dominance, warning that there can be no repeat of Facebook’s one-week media blackout in Australia.
Facebook’s row with the Australian government over payment for local news, although now resolved, has increased international focus on the power wielded by tech corporations.
“We will hold these companies to account and bridge the gap between what they say they do and what happens in practice,” Britain’s digital minister Oliver Dowden said on Friday.
“We will prevent these firms from exploiting their dominance to the detriment of people and the businesses that rely on them.”
Dowden said recent events had strengthened his view that digital markets did not currently function properly.
He spoke after a meeting with Facebook’s Vice-President for Global Affairs, Nick Clegg, a former British deputy prime minister.
“I put these concerns to Facebook and set out our interest in levelling the playing field to enable proper commercial relationships to be formed. We must avoid such nuclear options being taken again,” Dowden said in a statement.
Facebook said in a statement that the call had been constructive, and that it had already struck commercial deals with most major publishers in Britain.
“Nick strongly agreed with the Secretary of Stateâ€™s (Dowden’s) assertion that the governmentâ€™s general preference is for companies to enter freely into proper commercial relationships with each other,” a Facebook spokesman said.
Britain will host a meeting of G7 leaders in June.
It is seeking to build consensus there for coordinated action toward “promoting competitive, innovative digital markets while protecting the free speech and journalism that underpin our democracy and precious liberties,” Dowden said.
The G7 comprises the United States, Japan, Britain, Germany, France, Italy and Canada, but Australia has also been invited.
Britain is working on a new competition regime aimed at giving consumers more control over their data, and introducing legislation that could regulate social media platforms to prevent the spread of illegal or extremist content and bullying.
(Reporting by William James; Editing by Gareth Jones and John Stonestreet)
Britain to offer fast-track visas to bolster fintechs after Brexit
By Huw Jones
LONDON (Reuters) – Britain said on Friday it would offer a fast-track visa scheme for jobs at high-growth companies after a government-backed review warned that financial technology firms will struggle with Brexit and tougher competition for global talent.
Finance minister Rishi Sunak said that now Britain has left the European Union, it wants to make sure its immigration system helps businesses attract the best hires.
“This new fast-track scale-up stream will make it easier for fintech firms to recruit innovators and job creators, who will help them grow,” Sunak said in a statement.
Over 40% of fintech staff in Britain come from overseas, and the new visa scheme, open to migrants with job offers at high-growth firms that are scaling up, will start in March 2022.
Brexit cut fintechs’ access to the EU single market and made it far harder to employ staff from the bloc, leaving Britain less attractive for the industry.
The review published on Friday and headed by Ron Kalifa, former CEO of payments fintech Worldpay, set out a “strategy and delivery model” that also includes a new 1 billion pound ($1.39 billion) start-up fund.
“It’s about underpinning financial services and our place in the world, and bringing innovation into mainstream banking,” Kalifa told Reuters.
Britain has a 10% share of the global fintech market, generating 11 billion pounds ($15.6 billion) in revenue.
The review said Brexit, heavy investment in fintech by Australia, Canada and Singapore, and the need to be nimbler as COVID-19 accelerates digitalisation of finance, all mean the sector’s future in Britain is not assured.
It also recommends more flexible listing rules for fintechs to catch up with New York.
“We recognise the need to make the UK attractive a more attractive location for IPOs,” said Britain’s financial services minister John Glen, adding that a separate review on listings rules would be published shortly.
“Those findings, along with Ron’s report today, should provide an excellent evidence base for further reform.”
Britain pioneered “sandboxes” to allow fintechs to test products on real consumers under supervision, and the review says regulators should move to the next stage and set up “scale-boxes” to help fintechs navigate red tape to grow.
“It’s a question of knowing who to call when there’s a problem,” said Kay Swinburne, vice chair of financial services at consultants KPMG and a contributor to the review.
A UK fintech wanting to serve EU clients would have to open a hub in the bloc, an expensive undertaking for a start-up.
“Leaving the EU and access to the single market going away is a big deal, so the UK has to do something significant to make fintechs stay here,” Swinburne said.
The review seeks to join the dots on fintech policy across government departments and regulators, and marshal private sector efforts under a new Centre for Finance, Innovation and Technology (CFIT).
“There is no framework but bits of individual policies, and nowhere does it come together,” said Rachel Kent, a lawyer at Hogan Lovells and contributor to the review.
($1 = 0.7064 pounds)
(Reporting by Huw Jones; editing by Jane Merriman and John Stonestreet)
Robinhood plans confidential IPO filing as soon as March – Bloomberg News
(Reuters) – Online brokerage Robinhood, at the centre of this year’s retail trading frenzy, is planning to file confidentially for...
Wall Street Week Ahead: Investors weigh new stock leadership as broader market wobbles
By Lewis Krauskopf NEW YORK (Reuters) – A shakeup in stocks accelerated by the past week’s surge in Treasury yields...
SoftBank reaches settlement with former WeWork CEO Neumann
(Reuters) – SoftBank Group Corp said on Friday it has reached a settlement with WeWork’s special committee and the company’s...
Sunak warns of bill to be paid to tackle Britain’s ‘exposed’ finances – FT
(Reuters) – British finance minister Rishi Sunak will use the budget next week to level with the public over the...
Exclusive: European officials urge World Bank to exclude fossil-fuel investments
By Kate Abnett and Andrea Shalal WASHINGTON (Reuters) – Senior officials from Europe have urged the World Bank’s management to...