Companies selling network security technology typically boast about how well designed and effective their solutions are, whether it’s malware protection, intrusion detection or the latest-generation firewall. But John Vigouroux has been telling the security industry the rhetorical equivalent of "we’re doomed." He’s sharing a startling statistic from a 2011 FBI cyber-crime statistics report (along with industry analysis) showing that while the amount of money spent globally on network security and the amount earned by cyber criminals were about even in 2007, between $21 billion and $22 billion each, by 2011 it wasn’t even close. Things will only get worse by 2013.
At RSA 2011, Vigouroux, the CEO of M86 Security, called the financial losses from cyber crime a "calamity," totaling $100 billion and dwarfing the security market in 2011 at $33 billion. At RSA 2012, he called the situation a "pandemic," amid FBI forecasts that proceeds from cyber crime will jump to more than $330 billion by 2013 while the network security market only grows to $43 billion.
The graph he uses to make his point could easily be overlaid onto a chart of the death toll from the Great Influenza Pandemic of 1918 (source: Wikipedia).
"Whatever number it is, it’s absolutely out of control," Vigouroux said as he looked across the exhibit floor at the Moscone Center in San Francisco during RSA 2012. "All these companies here compete for a purchase order, but we’re really trying to fight cyber criminals. And yet, we’re getting our butts kicked really, really bad."
The "what we’re doing isn’t working" theme echoed through the conference last week. Related comments included those from the company for which the conference is named. Art Coviello, executive chairman of RSA, said in his keynote address, "We are at serious risk of failing. New breeds of cyber criminals, hacktivists and rogue nation states have become as adept at exploiting the vulnerabilities of our digital world as our customers have become at exploiting its value."