When Threats Persist
The time may just be ripe for a change in thinking when it comes to putting together an enterprise security mechanism
The information security industry is notorious for creating false alarms and publishing out-of-proportion reports on extent and cost of risk.
All the same, a lot of enterprises are equally notorious for being penny-wise and pound-foolish or overlooking important aspects when it comes to deploying security solutions.
In between are today’s mobile, screen-hopping users who like to be in control and yet scoff at the idea of employers or regulators requiring them to stick by policies or take strict measures to protect data.
As we have seen from multiple security breaches across the globe, not all alarms are false. Also, users and enterprises behave differently in response to incidents.
The struggle to provide complete security to users and enterprises continues unabated, with a complex mesh of tools, including anti-virus, firewall, counter-intrusion, encryption and what have you.
However, the time may just be ripe for a change in thinking when it comes to putting together an enterprise security mechanism. From doing things the traditional way to a more cohesive and comprehensive approach. And from taking a reactive and siloed stance to doing a proactive, thorough analysis of the needs of a particular enterprise.
That is because, of late, a new kind of beast is rearing its head worldwide: advanced persistent threat. APTs, as the attacks are ‘acronymly’ known, have wreaked serious havoc over the past half decade or so—at large organizations, sensitive government bodies, the poster boys of Web such as Google, and even the providers of security itself (RSA, Symantec, among others).
The new threats use a combination of tactics and tools to make highly targeted attacks. Of particular note are the use of zero-day vulnerabilities and social engineering employed to gain and maintain access to the targeted network—and escape detection for months on end. In most high-flying cases that have been reported, the breaches were discovered after the intended damage was done.
This seems to have upended the security industry, as enterprises are in a bind as to how much and what security measures can they really take to tackle targeted attacks.
In India, APTs are still relatively new but the recent DRDO attacks have put a spotlight on them. Will the banks and telcos (likely targets in addition to government agencies) be next? Are they prepared to deal with APTs with what they have or would they need specialist solution layers to pile on top of their existing jumbles?
Maybe they don’t need to wait for a real serious attack to occur in order to find out the answers.
– Sanjay Gupta
Editor, Express Computer