Report looks at advantages cybercriminals have over defenders


Cybercriminals maintain the advantage over government and company defenders because they are not hampered by bureaucracy, can adapt their capabilities to chase maximum compensation, can take advantage of many dark web markets and have the motivation of money, publicity or embarrassment of their target to drive their efforts.

These are just some of the reasons that organizations are at a disadvantage, according to “Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity,” a report from CSIS and Intel Security.

Surveying 800 global cybersecurity professionals from five industry sectors, the report found a disconnect between what executives and agency leaders believe their organization has implemented as a cybersecurity strategy and what operators agree has been done.

Leadership often views success through performance metrics such as program or recovery costs, rather than positive returns from vulnerability scans and penetration testing. The top levels of the chain can be more focused on existing threats rather than new ones.

A lack of financial incentives, as well as recognition, awards and professional development opportunities, hounds cybersecurity professionals, while cybercriminals have no issues finding motivation to increase the speed and focus of their efforts.

There are lessons the report suggests can be learned from the criminal market, however. For instance, using outsourcing and open contracting to reduce costs, increase competition and push broad adoption of technologies and practices plays off of the open, decentralized criminal market.

Patching practices must be accelerated to counter the constant attack of disclosed vulnerabilities.

Information sharing and collaboration, as well as drawing on a global talent pool, should be encouraged in the way cybercriminals use open forums and an unconstrained ecosystem to spread successful new attacks and exploits.

Recognizing that government programs or policies can necessitate a change in cybersecurity strategies, organizations acknowledged they could benefit more from working with the government, sharing threat intelligence with partner organizations and outside consultants (something 43 percent of respondents said they already do).

Among those surveyed, 88 percent of respondents (and 93 percent of U.S.-based respondents) said voluntary models (such as public-private partnerships) could be used to provide value to operators in their day-to-day technical mission. A majority feel faster access to security clearances could improve cybersecurity and information used in cybersecurity decision-making.

And, finally, incentives must be aligned from leadership down to operators to promote the best security outcomes.

The entire report can be found on