Technology has made it harder to steal cars. Alarm systems are now connected to highly intelligent computer systems that can shut down the car, transmit GPS tracking information to the authorities, and instantly notify owners about problems via their smartphones. But while computers have done a great job of securing cars and other valuables, computers themselves and the networks they operate on seem more at risk than ever before.
The problem on its face seems somewhat meta: computers protect everything, but who is protecting the computers? And in fact, it is the sheer abundance of computerized devices that connect to networks all around us that is making it so hard for information security companies to protect businesses from the many threats that exist today.
A recent survey found that 40 percent of companies in the U.K. have no cybersecurity plan.
Richard Brown, Director EMEA Channels & Alliances at Arbor Networks, says, “The fact that more than a third of UK businesses lack a formal strategy against cyber-attacks is shocking. Attack methodologies are evolving by the day and as such, it is no longer acceptable for businesses to be complacent about their cyber security strategy.”
Antivirus Can’t Keep Up
Because cyber security is such a hypothetical issue until you get hacked or experience real consequences, many businesses use legacy security tools like antivirus and firewalls to protect themselves. But these tools are reactive. That is to say, they have to experience an attack before they can recognize it and protect other computers from it.
Brian Beyer, co-founder and CEO of Red Canary, puts it this way: “The sheer volume of malicious programs being generated every day makes it impossible for antivirus software to adequately protect businesses. Last year alone, nearly 600 million malicious programs were identified by the AV-TEST Institute, which is more than 500,000 new programs every single day. When you realize that those programs were only identified after they caused a problem, you begin to see how likely it is your company could be affected.”
New Solutions Emerge
The cyber security industry understands that the solution to viruses and hackers cannot be a reactive one. A reactive approach allows the perpetrators of attacks too much time to inflict damage before they are caught. But how can information security companies be preemptive on a playing field where the enemy can make any one of billions of moves at any given time?
One leading solution is called Endpoint Detection and Response (EDR). Because of the plurality of connected devices that are in circulation today (laptops, servers), there are more vulnerabilities to companies’ security than ever before. When an employee connects a device to a public Wi-Fi network, they open that organization up to threats that do not have to bypass traditional perimeter security.
“The shift to detection and response approaches spans people, process and technology elements and will drive a majority of security market growth over the next five years,” said Sid Deshpande, principal research analyst at Gartner. “While this does not mean that prevention is unimportant or that chief information security officers [CISOs] are giving up on preventing security incidents, it sends a clear message that prevention is futile unless it is tied into a detection and response capability.”
Managed Detection and Response
How does the cyber security industry implement EDR? It requires a lot of human expertise. Many businesses with IT departments run their own IT security and internally operate a version of EDR. But doing so is demanding and requires an expertise level that many companies do not have or cannot sustain.
One estimate suggests that by 2020 there will be a global shortage of 1.5 million information security professionals. That means that many businesses do not have the personnel necessary to operate EDR, which is why information security companies have begun offering Managed Endpoint Detection and Response.
“EDR is leaps and bounds more effective than what came before it, but there is such a shortage of expertise that even many large companies cannot effectively operate EDR with their existing teams,” Beyer says.
That is why Managed Endpoint Detection and Response is in such high demand. The shortage of information security professionals means more companies are outsourcing their EDR work to firms that can both assemble the best talent and develop the best technology.
How big is the EDR industry? Gartner found that EDR companies did $500 million in business in 2016, a year-over-year increase of more than 100%. At that growth rate, EDR could be a billion-dollar industry quite soon.
But it is appropriate to pause for a moment and look at how far we have come. Cyber security now requires that we monitor every single event taking place on the millions of connected devices we use. This is done by armies of skilled professionals, computers using the most advanced detection technology, and healthy information security budgets. It’s almost enough to make us all miss dial-up.
The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.