Skip to main content

The Cyber Security Mega Cycle Aftermath

September 07, 2017

During the past decade, we have witnessed a virtual explosion in the cyber security world. While serving as CEO of McAfee and FireEye, and a U.S. Army commander and CIA director, respectively, we have lived through and witnessed first-hand exponential growth in: threats, threat actors, reported breaches, security vendors, investments in security companies and probably most significantly, private and public sector security spending.

cyber-security-exploision

Our estimated numbers are simply staggering:

 20072017

Threat Actors<50>1,000

Threat Types<50>1,000,000

Alerts/Day (Average Per Firm)<1,000>1,000,000

Security Vendors<100>2,300

VC Investments<$500M>$6B

Security Spending<$3B>$80B

 

The situation is dire by any measure. The western world is contending with significant cyber threats on both its eastern and western fronts – a virtual cyber sandwich. On one side, we have had to deal with the “Great Chinese IP War,” which we have been witnessing from 2008 to the present, in which more than 20 Chinese military agencies have attacked and stolen intellectual property from more than 5,570 (last count) U.S.-based companies. Chinese military agencies have fed this IP to state-owned enterprises (SOEs) to close the gaps in China’s innovation relative to the western world. 

Equally devastating, the “Great Russian Information War” has escalated as well. Military and intelligence agencies such as the former Soviet Union intelligence and state security organizations (now the FSB and SVR) and Russia’s military intelligence service (the GRU) have attacked, manipulated and successfully altered information and could cause issues for decades. Hundreds of major breaches of social media platforms, news outlets, political organizations, email providers, telecommunication systems and satellite providers have created a very challenging situation. 

The combination of an IP war and an information war has highlighted that we live in a world without accepted cyber space rules of conduct, without trust and integrity in all our information, and without hope of peace and tranquility in the cyber domain for a long time to come.

So, what about cyber defenses? Over this same amount of time, most western organizations enormously increased their cyber security spending. Defense-in-depth became the prevailing strategy. Hundreds of security vendors deployed point solutions to counter the changing threat landscape. With each security vendor producing hundreds or thousands of alerts on average per day, the typical organization now has to monitor and respond to millions of alerts daily. An organization just has to miss one alert, and they’re breached. 

Compounding the monitoring and response problem, the hundreds of security companies often don't share intelligence, don't integrate their products and only infrequently cooperate when responding to threats. In addition, there is insufficient government and commercial cooperation, a lack of security standards and many outdated regulatory compliance requirements. 

CYBERscape
Source: Momentum Partners CYBERscape

Why should governments around the world cooperate when they are on the offense? How does the defense contend with nation states with thousands of trained cyber warriors? Breaches are inevitable, and the consequences are increasing in severity, as our critical infrastructure in particular becomes more exposed to technological attacks.

The results of this exponential growth are very worrisome. The offense is clearly winning. We believe we need some serious change to deal with what clearly is a serious problem.

This is why we have engaged in cyber security. And, this is why we have joined Optiv in this fight.

The world needs a global trusted provider of security – an independent and objective security solutions company to assist in reducing the complexity of security; and a trusted researcher, responder and educator. 

At more than $2B in gross revenue last year, 1,700 security experts, and more than 20 years of history and experience as a trusted advisor serving more than 12,000 clients, Optiv is very well positioned to be that company. Optiv brings to the table the depth of technical knowledge of all the security vendors, without a singular focus on one technology or technology sector, and combines this with objective services skills to plan, build and run the right solution for each private or public entity. 

We are excited to support Optiv and its executive team as they work to deliver the next generation of powerful security solutions. And, we look to help private and public entities meet their ever-expanding global needs. 


    General (Ret.) David Petraeus

By: General (Ret.) David Petraeus

Optiv Board of Directors

See More

Related Blogs

May 29, 2012

What is DLP (Data Loss Prevention)?

As a Certified Information Systems Security Professional (CISSP) and Payment Card Industry (PCI) Qualified Security Assessor (QSA), I frequently run i...

See Details

February 04, 2011

Restaurant Protection from Data Security Breach | Optiv

Last week, ABCNews.com published an article discussing a new study in which Visa identified restaurants as the most likely sources of credit card thef...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

RELATED INSIGHTS

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

April 24, 2013

Cyber Security Flaws We All Know and Love

Joseph Belans provided an excellent presentation at BSides titled "Hacking like it's 1999: Security Flaws We All Know and Love." Below is a video rec...

See Details

December 10, 2014

How To Survive Breach Failure (Part 1 of 3)

Many organizations have developed security response procedures to satisfy compliance and regulatory requirements; however, when a breach does occur we...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.