The US government is lashing out at Kaspersky Lab over concerns that the cybersecurity company would willingly collaborate with foreign government entities, which would pose a serious threat to the US. The case raises key questions on building trust in cybersecurity companies, enabling effective global collaboration and fostering further local innovation.
How well do we trust cybersecurity companies?
Our businesses and the organisations we work for are very likely to be facing cyber-attacks. The subject presents a very serious global risk. Individuals and organisations rely on a flourishing cybersecurity industry to better manage the risk with technologies and services.
The Cybersecurity Ventures market research group predicts that global spending on cybersecurity products and services will exceed $1 trillion USD cumulatively, from 2017 to 2021. This is big business. The group also tracks a large number of cybersecurity companies and maintains a list of the world’s 500 hottest and most innovative companies. It is already a big list for only a part of the industry. Such companies range from large multinational corporations to small, local and specialised businesses.
The cybersecurity industry is very competitive. Organisations typically subscribe to a variety of cybersecurity companies, which they select based on criteria that include technical and non-technical items and, importantly, trust.
Trust is a big deal with cybersecurity companies. Businesses place serious trust in the cybersecurity companies they rely upon to protect valuable information and processes. They trust the security controls they buy to be effective and efficient. They also trust that the cybersecurity companies will not take or lose their data or pose any threat to their business, whether directly or indirectly through third parties, including foreign state government entities.
Ponemon’s 2016 Data Risk in the Third-Party Ecosystem research reveals key findings on how most organisations fail to efficiently manage data risk with third parties (including cybersecurity companies). For example:
- 49% of organisations confirm they experienced a data breach caused by one of their vendors;
- 55% rely upon the third-party to notify their organisation when their data is shared with their other parties;
- 58% say they are not able to determine if vendors’ safeguards and security policies are sufficient to prevent a data breach.