Rethinking our security defences
Published 11:07, 17 May 10
UK businesses have seen a sharp rise in IT security breaches in the past two years, according to a recent report by PricewaterhouseCoopers entitled The Information Security Breaches Survey.
In fact, despite increased spending on security defences, the number of companies attacked has risen three fold to 92 percent and the cost to business of these attacks has increased by more than that.
One conclusion you can draw from this is that the traditional approach to security is becoming less effective over time. While businesses continue to focus on perimeter and end-point security measures, cyber criminals are changing the game though new types of malware combined with social engineering and insider help.
Advanced malware, such as the recent Conficker worm, use a variety of techniques to penetrate perimeter defences and, once inside, to remain undetected. Disabling auto-updates, re-patching operating systems and applications to re-open vulnerabilities, DNS blocking and shutting down anti-malware applications are just some of their tricks.
Point defence solutions have proven to be ineffective in the early detection of these types of attacks as their view is a narrow one. As was covered in a recent blog post, fraudsters are also using sophisticated phishing schemes to steal personal and business information and using this information in social engineering schemes to get others to assist in the fraud process. While education can help here, a focus on “putting the customer first” will always provide opportunities for compromise where people are involved.
Traditional approaches to security are still required but they are no longer sufficient. The corporate mindset needs to move from a focus on fortifying the defences to a realisation that breaches have occurred and will continue to occur in the future. A second perimeter capability is needed to detect and remediate ever changing attack vectors and the answer does not lie solely in technology but with smart technology tied to a holistic approach to threat detection and remediation.
At the heart of any second perimeter defence is the Security Operations Centre (SOC). While not a new concept, it is the place where tools and dedicated expertise come together to tackle cyber threats over the long term. Like any centre of excellence it needs good people, process and technology to be effective. On the people side the requirement is for a multi-disciplined team who together can provide the timely analysis and remediation necessary to protect the availability and integrity of our corporate assets.
Advanced SOC procedures and best practice implementations exist today but need wider adoption in both the public and private sectors. Smart tools complete the picture by consolidating log and other event information from across the enterprise and reducing the volume of security events to a manageable, actionable number that is prioritised based on the situational awareness of the assets and business processes involved.
Successful SOC implementations require support from the highest levels of the organisation and an ongoing commitment from a funding perspective. Like any IT project, they face stiff competition from other IT projects where the return on investment is more easily understood, and it often takes the fallout from an internal breach to galvanise thinking and commitment. If the PwC research tells us anything it is that business as usual is no longer a viable strategy when it comes to IT security.