Shifting the cost of security

Security teams fight a constant battle—and spend lots of money—preventing cyberattacks. We need to shift the burden and have prosecutors go after cyber criminals.


If you deal with enterprise systems security, you likely have an idea what your annual expenditure for security and forensic security is. It’s huge. It’s a time and resource suck like few others. 

The licensing costs will vary, but they’re a considerable fraction of most organizations’ annual IT spend. Ready-made modular costs are platform-dependent. In Windows, it might be a framework from Symantec, Intel Security, or a host of others. Integration into Active Directory isn’t so much difficult as it is tedious. If you start with or add Linux, the cost shifts towards any number of frameworks that require at least moderate labor costs for customization, maintenance and ongoing platform mods.

All of this lasts for perhaps a year or so—until security trends force organizations to redo infrastructure, upgrade licenses, rethink patches and fixes, and perhaps cover additional platforms and turf. The tired Whack-A-Mole analogy applies because increasingly fluid communications carry a baked-in quotient of additional security baggage that has become requisite.

Once on the security baggage gravy train, you cannot get off.

To make matters worse, those responsible for security have to sell corporate management on security needs. These communications are assumed to be a cost of doing business.

This often makes security seem hopeless—even to the optimistic. 

This needs to stop.

A better approach: Law enforcement needs to step up

Prosecutors need to increase their focus on catching spammers, hackers and system crackers and put them in jail—not small-time criminals such as marijuana users, speeders and loose cigarette sellers.

The problem is that police, prosecutors, judges and state’s attorneys don’t fully understand the basic problems of systems infrastructure and how to police systems security. They often don’t know what systems security means, how assets are protected, and how they are stolen or compromised.

There are no beat cops on the Internet.

Add to that a Congress whose knowledge of even basic systems infrastructure is non-existent and a secretary of state (and numerous predecessors) who had her own messaging systems, and the problem becomes huge. Rebuke, it seems, starts at the top.

To fight this cyber war, we need task forces and special private operations groups that look into such things as malicious spam payloads and botnets. And we need to put those criminals in jail.

I know it isn’t cheap to hunt down cyber crooks, but we have to do this. And yes, despite my distaste for curing things by government, it’s a common interest: national asset security and trust.

The bad guys are winning, and it’s costing the economy loads and creating trust issues. And until we have public policy combined with appropriate funding to address the problem, the breaches will continue—until we’ve all been robbed.

This means forcing agencies to talk to each other rather than performing their duties monolithically like little principalities. It means crossing the political aisle for the common good—mutual asset protection, and yes, trust—something seemingly dissolved in the current political atmosphere.

Where does it start? At the ground level—you and me. The fiefdoms aren’t going to start talking to each other until we vote for public policy advocates who share both the need and the common desire to cross political boundaries for the public good.
