Recent reports indicate more than $90 billion will be spent on cybersecurity in 2017. In the aftermath of some of the largest data breaches in history, does anyone really believe it’s been money well spent?

One top security company executive certainly doesn’t think so. “Organizations are spending 10 percent more on security, but the reality is that breaches are growing 40 to 70 percent per year,” said Tom Kemp (pictured), co-founder and chief executive officer at Centrify Corp. “No matter how much money they’re throwing at the problem, it’s getting worse.”

Kemp stopped by theCUBE, SiliconANGLE’s mobile livestreaming studio, and spoke with co-hosts John Furrier (@furrier) and Dave Vellante (@dvellante) at CyberConnect 2017 in New York City. They discussed Centrify’s identity model, best practices for protection, and the possibility of government regulation. (* Disclosure below.)

Centrify has built its business around security for the hybrid enterprise with a particular focus on government departments. Two of its largest customers are intelligence agencies. The company uses privileged identity management as part of its core security offering, a set of solutions to strictly control user access and privileges.

Attack vector has changed

Centrify’s privileged identity solution has become more popular as attackers go after credentials. “The attack vector has completely changed,” Kemp said. “The attackers are going after the actual users.”

Earlier this year, the company conducted a study with Forrester Research that identified practices which sharply reduced the risk of breaches and credential compromise. Multi-factor authentication and limited lateral access across the network were key elements in successful protection.

“Make sure that people don’t have too much access for too many things,” Kemp said. “If you can follow this maturity model, we have seen that organizations have experienced a significant reduction in the number of breaches.”

CyberConnect attendees heard several presenters issue warnings about the threat of government regulation. The failure of companies to protect critical data despite the major amount of spending isn’t the only issue drawing the attention of federal regulators. Recent hearings in Congress over the ability of foreign countries to purchase advertising on social media platforms has also put pressure on the tech industry.

“If Facebook, Twitter, all these other social networks are not going to do something about foreign governments advertising on their platforms, they’re going to get regulated,” Kemp said.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the CyberConnect 2017 event. (* Disclosure: TheCUBE is a paid media partner for the CyberConnect 2017 conference. Neither Centrify Corp., the event sponsor, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE