News

IDC: traditional IT security is broken says security expert

Warwick Ashford

Traditional IT security is buckling and breaking under increasingly sophisticated, high-quality malware attacks, says James Lyne, senior technologist at security firm Sophos.

"Cybercriminals have embraced cloud computing and have unbelievable processing power at their fingertips," he told the IDC Security Conference 2010 in London.

Sophos is detecting an infected website ever 2.31 seconds and 60,000 new pieces of malicious code a day, up from just 5,000 in 2009.

Cybercrime is a wonderful business that has become highly organised, with organisations selling each other tools and services, said Lyne.

"There are even services which cybercriminals can use to benchmark the effectiveness of their attacks and get tips and advice on how to make them better," he said.

Malicious code is being developed and deployed by highly skilled and intelligent criminals to gain access to all corporate systems, including those running on the Linux operating system, said Lyne.

In light of this, businesses, organisations and the security industry need to change the way they think about security.

"We need to move away from the traditional focus on content because cybercriminals are able to change that content too quickly," said Lyne.

He believes security must make greater use of reputation and behaviour to have any chance of being effective and deployment of controls will shift towards endpoint devices.

But, said Lyne, although traditional security is no longer effective and has generally become too complex for businesses to deploy, a simple return to best practices can bring immediate benefit.

Significant improvements can be achieved, he said, if all users band together to follow simple best practices while businesses update to more effective technologies and processes.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy