SAN FRANCISCO — Cybercrime will be a $6 trillion business by 2021, up from $3 trillion in 2016, said Cisco’s John Stewart, senior vice president and chief security and trust officer, citing Cybersecurities Ventures research, during his keynote at the RSA Conference 2018.
“And no, this is not a commercial to get into cybercrime,” he quipped. “Cybercrime is going to double by 2021. How messed up is that?”
It’s pretty messed up. And it speaks to the state of cybersecurity, which Stewart said needs to be fixed now to ensure we have secure networks and IT infrastructures in the future.
The security landscape looks bleak.
As the annual RSA Conference kicked off on Monday, the U.S. and U.K. governments issued a joint alert warning that Russians are targeting American and British organizations’ network infrastructure devices, such as routers.
Plus, nearly every vendor on the expo floor recently released its own security report that essentially boils down to two things: skyrocketing attacks at bigger costs to business.
“Vulnerabilities are up 20 percent by all accounts,” Stewart said. “We have more threats, we have more costly breaches each and every year.”
This year’s show has more vendors that last year, showcasing even more products — yes, Cisco is guilty of this, too, Stewart said.
He referenced Cisco’s Annual Cybersecurity Report, published in February, and gave a very high-level take away: “We are completely screwed, even more than we were last year. Congratulations. Welcome to RSA. That’s precisely the speech I did not want to give.”
And, he said, he does not want to give this speech (again) next year.
“If we have hackers infiltrating our systems for 146 days before they are seen, and we’re not tapping into half the population in order to get diverse teams to fill jobs that are already growing, and we don’t demand vendors develop products with security in mind, I would argue we’re making the future worse, not better. Let’s stop that madness. We have to think about different ideas.”
Different ideas come from diverse thinking, Stewart said, adding that this will also help fill the security skills gap. “Part of what we are facing by 2021 is that 3.5 million jobs will be available that don’t yet have the capacity to be filled,” he said.
Cisco launched its own $10 million security scholarship fund in June 2016 as a way to increase the talent pool with a focus on women. To date, there are 19,010 participating students.
In addition to gender diversity, Stewart said security companies and teams need to “bring in people we don’t usually talk to,” such as governments and other business teams. “It’s about bringing other people into the discussion.”
Companies also need to demand that vendors develop products and services with security in mind, Stewart said: “Demand explicit trust.”