Pointless security perimeters inviting criminals to run riot across IT systems

Networks less secure each year as ineffective, misspent investment provides a semblance of safety.

By Jimmy Nicholls

Perimeter security in IT is no longer viable yet companies continue to overinvest in ineffective attempts to keep criminals at bay.

Eddie Schwartz, vice president of global security at telecoms firm Verizon, criticised firms for spending most of their security budgets on ineffective perimeter defences.

"We’ve created what looks like the semblance of security and the bad guys pretty much drive around the perimeter and do whatever they want," he said. "We’ve invested so much money in checklists, perimeter security and securing things that are not that important, that there’s not much money left for anything else."

The 10th Data Breach Investigations Report (DBIR), published last month, found that attackers are becoming more effective at a faster rate than defenders, meaning that in the long term networks are becoming less secure.

Schwartz added that collaboration was more widespread on the criminals’ side, with breached companies often seeking to hide their vulnerabilities from the public and their competitors.

His remarks come at a difficult time for IT security, with anti-virus software failing to protect consumers while organised crime from Eastern Europe and Asia continues to outwit every sector, from retail through to telecoms and even finance.

In a demonstration of how a system could be attacked, Paul Pratley, investigations manager at Verizon, showed how allowing other vendors direct access to point-of-sales systems and back-end servers could quickly lead to customer data being compromised.

"The concept for the security industry for the longest time has been a hard shell and a gooey centre," Chris Nova, global managing principal of the RISK team at Verizon, said.

"Most organisations will freely admit they don’t have the budgets to keep up with the spiralling costs of security."

In a conversation with small healthcare firms, Schwartz said he had half-jokingly advised them to give up on security, noting that even multinational financial firms were struggling to keep on top of cybercrime.

"In the next 3 years there will be a tsunami of companies avoiding security altogether," he said.

The DBIR recorded a rising number of hacking and malware-based attacks, with bespoke cybercrime software being sold for thousands of dollars.

For the past few years most breaches have been for financial gain, with cyber-espionage and attacks motivated by ideology or amusement accounting for a much smaller proportion of breaches.

"This used to be a finite data set with known questions, now this is an infinite data set with unknown questions," Schwartz said.
