How To Recognize False Claims And Avoid Cybersecurity ‘Snake Oil’

How To Recognize False Claims And Avoid Cybersecurity ‘Snake Oil’

How To Recognize False Claims And Avoid Cybersecurity 'Snake Oil'

Cybersecurity – Have you ever been awake at 3 a.m. and looking for something to watch on TV? If so, it’s likely you’ve gone down the rabbit hole of infomercials. Vendors make bold claims about products that can do anything and everything. However, many of these claims are sensationalized or, in some cases, completely fabricated — and from my experience, it’s something common with many cybersecurity products as well.

Promising unrealistic results is not new; it’s just the modern-day iteration of the proverbial “snake oil” salesman. Most people have a healthy amount of skepticism and enough common sense to not fall for infomercials. Those good senses, it turns out, often don’t extend to cybersecurity purchases.

The next-gen blockchain AI cure for what ails you.

If you purchased a new miracle adhesive from a late-night infomercial and found that it actually didn’t stick things back together at all, would you double down and spend even more money to buy the next wonder glue that came out?

Probably not. I hope not. Yet that is pretty much the way organizations handle cybersecurity tools. Cybersecurity spending goes up year after year. According to estimates from Gartner, $124 billion is expected to be spent on cybersecurity in 2019 — an 8.7% increase over 2018, and nearly $23 billion more than in 2017.

With all of that spending, you would think the corporate environment would be impervious to cyberattacks and that data breaches should be a thing of the past. At the very least, you would expect that things wouldn’t get worse, but they are.

The volume of exploits has been growing constantly, and ransomware attacks are on the rise. According to research conducted by Risk Based Security (via Forbes), 2019 is on track to be the worst year ever, with 4.1 billion records exposed in the first half. All of the money spent on cybersecurity doesn’t seem to be working as advertised. On the contrary: A study conducted by the Ponemon Institute (via CSO) found that even with all of the investment in cybersecurity tools, it still takes organizations an average of more than six months to even detect that they’ve been breached.

Time for a whole new cybersecurity strategy.

The problem with the majority of cybersecurity solutions is that they’re reactive. The market assumes that organizations will rely on traditional methods of filtering and analyzing content as it crosses the perimeter and runs on the endpoint. It is a flawed strategy that reveals a cognitive dissonance.

If we succumb to an all-around unhealthy lifestyle, just activating one more diet and fitness app subscription on our smartphone will not solve our health issues. The focus needs to be on prevention instead.

Kill the elephant in the room.

Today, business revolves around the web. Employees use the web for everything, whether work-related or personal. That makes the web browser the most used application. It is also the least vetted and most vulnerable application.

Attackers understand this, which makes the browser one of the most targeted applications. According to the Defense Information Systems Agency (via C4ISRNET), as many as 70% of cyberattacks come through browsers.

Most security teams give little thought to the web browser itself. It comes free with the operating system. Some may install a different free browser. Either way, the web browser is a third-party application that exposes the business to risk. The standard approach to “secure” it is to pile on layers of security: firewalls, intrusion detection systems (IDS), endpoint security, security information and event management (SIEM) systems and more.

In the end, the web browser is still vulnerable, and the cybersecurity tools deployed around it are still reactive. This security patchwork doesn’t instill confidence or peace of mind, and it’s reflective of a gamble most organizations will eventually lose.

This article originally appeared on forbes.com To read the full article and see the images, click here.

Nastel Technologies uses machine learning to detect anomalies, behavior and sentiment, accelerate decisions, satisfy customers, innovate continuously.  To answer business-centric questions and provide actionable guidance for decision-makers, Nastel’s AutoPilot® for Analytics fuses:

  • Advanced predictive anomaly detection, Bayesian Classification and other machine learning algorithms
  • Raw information handling and analytics speed
  • End-to-end business transaction tracking that spans technologies, tiers, and organizations
  • Intuitive, easy-to-use data visualizations and dashboards