Cyberspace is getting scary! The number of incursions that has been reported to the Global Security Watch for 2015 represents a massive increase from the previous years. The complexity of the attacks, the scope of resulting damages, and the longevity of the window of injury, are all growing. A recently completed SIL study on the general security environment showed a concerning level in the combination of ignorance, willful blindness, and overwhelmed security personnel. This study, based on multiple millions of reporting organizations, highlighted some absorbing factors. Some of these are only apparent when viewed from a massive scope since individual comparisons of security situations failed to build an overall image of overt behavior and trends. One of the most interesting findings from this study is that the platform foundation matters. While there are many ways of augmenting security based on organizational strategy and budget, the physical platform and its operating system, provide the underlying foundation on which everything else is built.
The platform with the clearest advantage for secure operations and asset protection was their traditional mainframe. Irrespective of individual opinions on cost-effectiveness, etc., the notable lack of incursions on that platform type from anything save password misuse in the last calendar year provides exhaustive experiential data on the real-world experience of millions of organizations worldwide. The impact on many aspects of cyber business is enormous. While organizations may be spending a couple of hundred thousand dollars more a year on their base platform to run a mainframe, the savings in remediation, customer confidence recapture and market loss quickly erase any shortsighted cost-cutting.
Of course, specific organization practices, postures, and tactics affect the general security risk profile. However, the study has found clear delineation of the impact on staffing, risk, exposure, and other aspects of operating in cyberspace, based on the foundational infrastructure for an organization's IT.