Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Spending on IT Security like Larry Ellison Spends on Racing

Image Credit: AC72 Sail 4 / Foiling / ORACLE TEAM USA / San Francisco (USA)Guilain Grenier Oracle Team USA ©

Image Credit: AC72 Sail 4 / Foiling / ORACLE TEAM USA / San Francisco (USA)Guilain Grenier Oracle Team USA ©

You may know Larry Ellison as the founder of Oracle and one-time CEO. He’s also passionate about sailing. In 2013, estimates put his spending on winning the America’s Cup at around $500 million – way more than most organizations’ annual security budget. Why would anyone spend that kind of money for what is ultimately bragging rights?

There is a legend that any skipper who loses the America’s Cup must offer his head as a substitute for the trophy, but that probably wasn’t the main driver for the amount of money spent. Larry’s net worth is north of $50 billion, and he’s over 70, so he can afford to blow half a billion on something he loves, and to satisfy his competitive nature.

Is IT security spending any different?

Obviously, no IT organization has a seemingly unlimited budget the way that Team Oracle did in the 2013 America’s Cup race. But look closer at why spending on America’s Cup racing seems so out of control and it starts to look a bit more familiar.

In the early years of America’s cup racing, universal rules meant that boats were built roughly the same, relying on the skill of the crew to make the difference in competition. But over the years, technology became more critical to winning. In one sense, it has become a technological arms race, though the skills of the crews that compete still matter.

IT security spending is often caught up in the technology arms race as well. Attackers are investing more in new methods and nation-states are also in on the act of attacking corporations, if we are to believe that North Korea is at the heart of the Sony attack and China is at the heart of the Anthem attack as has been said. The scale of resources arrayed against IT security is unprecedented.

Getting caught up in the technology arms race

Advertisement. Scroll to continue reading.

The breaches at Target and Sony resulted in CEOs losing their jobs. Kind of like an America’s Cup skipper losing his head.

The mounting assaults on companies, and on IT, has prompted an 8.2% increase in security spending from 2014 to 2015, according to Gartner. This is dramatic, considering that IT security doesn’t directly add to the bottom line.

With that much focus from the board room, and more mindshare and resources aimed at security, security startups saw a 26% increase in VC funding last year according to CB Insights. It’s a bit of a frenzy. But organizations would be wise to consider security investments that focus on the most pressing threats first.

Where are the most pressing security investments needed?

In the movies, fingers fly furiously over keyboards as firewalls fall. In real life, today’s attackers are abusing insider credentials, especially those of privileged users.

In the Anthem breach, the personal information of almost 80 million Americans was accessed by an attacker who stole a database administrator’s credentials. In the CyberEdge 2015 CyberThreat Defense Report, 77% of security professionals admitted they are not confident they are monitoring their privileged users adequately.

Privileged identity management tools and processes aren’t new, but have been overlooked in the past. If new security investments are on the plan, this is one that should be included.

Team Oracle came back from an 8-1 deficit, winning eight races in a row to retain the America’s Cup – one of the great comebacks in sports history. It’s tempting to point to unlimited technology spending as the explanation, but by the time of the race, that was done. IT security teams can take heart in their example of the will to win, and focused effort that resulted in victory.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.