Cyber attackers are savvy, their methods are sophisticated, and we in the InfoSec community need to get over it.
At the Check Point Cyber Security Symposium in Sydney last week, Telstra CIO, Mike Burgess criticized those organizations that overly focus on attributing cyber attacks, or blaming 'sophisticated' attackers for their networks being compromised.
In his address to the audience, Burgess said: "What I observe, what I fear, what I see too much of, is many commentators, many in the industry, and many in media, focus on attribution, with very little focus on the root cause. No-one should lose valuable information where at the root cause there is a known remedy. For me, that is unforgivable in this day and age. And I've got to tell you -- my view at least -- too much of this distraction around attribution takes away from focusing on what's really important here."
Burgess went on to illustrate his point by highlighting some of the language used by companies in response to a breach. After the Home Depot breach for instance, the company said: "The malware used in the attacks had not been seen in any prior attack, and was designed to evade detection by antivirus software".
"Really?" said Burgess. "I mean really?"
Burgess makes very valid point. It's all too easy for organizations to lay the blame at the feet of the attackers, to point to their antivirus software and say "it never stood a chance". Cyber attackers are savvy, their methods are sophisticated, and we in the InfoSec community need to get over it.
Most businesses will, at some point, be targeted by cyber criminals or fall victim to a breach. Once you've got your head around that, it's how you deal with it and how you prepare for it that really matters. Relying on reactive measures like antivirus simply doesn't cut it, in fact, antivirus only stops around 45% of all virus attacks leading Symantec to declare antivirus "dead".
So what's the solution?
Proactivity is essential against a backdrop of advanced threats. Technologies such as privilege management, application control and sandboxing are proven, effective strategies to counter today's threats. Since we launched our unique Defendpoint software the response from the business community, from CISOs and security managers alike has been incredibly positive, so much so that orders are flying in from all corners of the world. Part of this demand is the growing realization from organizations that they need to switch to a more proactive security posture.
In a recent global survey we conducted at influential security events, this switch to the proactive became apparent. Our research found that 44% of those surveyed now identify their security approach to be proactive. A further 27% however are still clinging on to more reactive measures.
Though undoubtedly technology plays a critical role in enterprise security, it is also supported by other practises such as user education. Educating employees that they will be targeted, encouraging them to be vigilant at all times, teaching employees what qualifies as sensitive data, how to identify and avoid threats, acceptable use policies and security policies for instance. Combined with the right proactive technologies, these steps can drastically improve enterprise security.
To round off his speech in Sydney, Mike Burgess presented the Five Knows to Cyber Security - a framework that Telstra has presented at a number of events designed to guide people through the challenges and pitfalls of security.
- Know the value of your data. Know its value to customers, yourselves, maybe your competitors, and most definitely those who wish to do harm.
- Know who has access to your data.
- Know where your data is, both domestically and globally.
- Know who's protecting your data.
- Know how well your data is protected. - Here Burgess points to the usefulness of advice like the Australian Signals Directorate's Top Four, a list of steps that we at Avecto actively encourage organizations to follow.
It's clear then that organizations can no longer point the finger at sophisticated cyber attacks and expect their customers and clients to show sympathy. Simple proactive steps can transform enterprise security from a blame culture to a prepared one - it's up to you to do something about it.
For further information on proactive security, how Defendpoint can help and more, visit our website at www.avecto.com/defendpoint