What will make businesses and individuals take the online security threat seriously?
Right now, whether it was the hacks of federal targets like the IRS and the Office of Personnel Management or the news that a major league baseball team had been hacked by a rival, suddenly there is a serious awakening to just how much confidential personal and corporate data is at large – somewhere – on the Internet and just how vulnerable that information could be.
Which is why so many are willing to embrace any ‘silver bullet’ on offer from the cyber security market. From Anti-Virus (AV) software to Next Generation firewalls, Threat Intelligence networks to Sandboxing, the market is muddled and those tasked with deploying technology are confused. While security responsibility is slowly creeping out of the wiring cupboard and onto the board agenda, most companies still perceive security best practice to be too complex, arduous and time consuming to deploy and can be easily enticed by the latest security promise.
But each new wave of technology is nothing more than an inspiration or challenge to a determined hacker. A recent example that illustrates this point perfectly was the Rombertik malware, clearly engineered to undermine the highly expensive and – certainly as far as the vendors of such products would have you believe – impenetrable sand-box technology. While this might be deemed a rare, one-off exception to the general rule, the knowledge is out there and will be commonplace within months. As such, the attack surface is continually evolving, with new weak-spots inexorably being exploited. So where does that leave those organisations that believed by investing in the latest prevention-technologies they had security nailed?
One message remains clear – no one can expect to stop every single new breach. Whether the security threat is internationally funded terrorist organisations, governments, industry competitors, organised crime or even still the clichéd teenage geek, it will continue to expand and also evolve. And facing this kind of future, any organisation not prepared to mobilise a full range of tactics to both stop – and spot – a breach will, inevitably, end up as another casualty of the Internet War.
You can read the full article on Professional Security here.