Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Spending on IT Security like Larry Ellison Spends on Racing

Image Credit: AC72 Sail 4 / Foiling / ORACLE TEAM USA / San Francisco (USA)Guilain Grenier Oracle Team USA ©

Image Credit: AC72 Sail 4 / Foiling / ORACLE TEAM USA / San Francisco (USA)Guilain Grenier Oracle Team USA ©

You may know Larry Ellison as the founder of Oracle and one-time CEO. He’s also passionate about sailing. In 2013, estimates put his spending on winning the America’s Cup at around $500 million – way more than most organizations’ annual security budget. Why would anyone spend that kind of money for what is ultimately bragging rights?

There is a legend that any skipper who loses the America’s Cup must offer his head as a substitute for the trophy, but that probably wasn’t the main driver for the amount of money spent. Larry’s net worth is north of $50 billion, and he’s over 70, so he can afford to blow half a billion on something he loves, and to satisfy his competitive nature.

Is IT security spending any different?

Obviously, no IT organization has a seemingly unlimited budget the way that Team Oracle did in the 2013 America’s Cup race. But look closer at why spending on America’s Cup racing seems so out of control and it starts to look a bit more familiar.

In the early years of America’s cup racing, universal rules meant that boats were built roughly the same, relying on the skill of the crew to make the difference in competition. But over the years, technology became more critical to winning. In one sense, it has become a technological arms race, though the skills of the crews that compete still matter.

IT security spending is often caught up in the technology arms race as well. Attackers are investing more in new methods and nation-states are also in on the act of attacking corporations, if we are to believe that North Korea is at the heart of the Sony attack and China is at the heart of the Anthem attack as has been said. The scale of resources arrayed against IT security is unprecedented.

Advertisement. Scroll to continue reading.

Getting caught up in the technology arms race

The breaches at Target and Sony resulted in CEOs losing their jobs. Kind of like an America’s Cup skipper losing his head.

The mounting assaults on companies, and on IT, has prompted an 8.2% increase in security spending from 2014 to 2015, according to Gartner. This is dramatic, considering that IT security doesn’t directly add to the bottom line.

With that much focus from the board room, and more mindshare and resources aimed at security, security startups saw a 26% increase in VC funding last year according to CB Insights. It’s a bit of a frenzy. But organizations would be wise to consider security investments that focus on the most pressing threats first.

Where are the most pressing security investments needed?

In the movies, fingers fly furiously over keyboards as firewalls fall. In real life, today’s attackers are abusing insider credentials, especially those of privileged users.

In the Anthem breach, the personal information of almost 80 million Americans was accessed by an attacker who stole a database administrator’s credentials. In the CyberEdge 2015 CyberThreat Defense Report, 77% of security professionals admitted they are not confident they are monitoring their privileged users adequately.

Privileged identity management tools and processes aren’t new, but have been overlooked in the past. If new security investments are on the plan, this is one that should be included.

Team Oracle came back from an 8-1 deficit, winning eight races in a row to retain the America’s Cup – one of the great comebacks in sports history. It’s tempting to point to unlimited technology spending as the explanation, but by the time of the race, that was done. IT security teams can take heart in their example of the will to win, and focused effort that resulted in victory.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.