The Changing Security Threat Landscape

Last week Symantec issued their latest Internet Security Threat Report. These six-monthly reports have become essential reading for all security practitioners. The latest 30-page report (it could do with a good précis) is packed with useful, though largely unsurprising, facts.

The report confirms that the security threat landscape is becoming characterized by attacks that are more professional and increasingly commercial. These attacks are often carried out in multiple stages, using a low-profile compromise to create a beachhead from which subsequent attacks can be launched. Multiple methods of attack are likely to be used and trusted entities will be exploited. Defending against such attacks is not easy. They are difficult to detect and even harder to stop. And in an age when zero-day vulnerabilities are a reality, it’s disturbing to read that some big vendors still have patch development times measured in hundreds of days.

The consequence of this trend is that organisations need to adopt a more intelligence-led approach to security. Identify valuable assets and critical services. Understand the enemy. Think like an attacker. And then implement specific controls to identify and deflect such attacks. It’s no longer good enough to apply a basic level of commodity security across your estate. That approach might have been effective in the past. But today’s attackers don’t just focus on soft targets. And the sophistication of their threat has now surpassed the defensive capabilities of most baseline security measures.


I could not agree more... The key to the future is understanding and assigning correct and appropriate values to organisational assets. Only that way will organisations be able to focus their efforts on protecting what is most valuable to them. This actually fits nicely with a theme on Stuart King's blog regarding the drive towards external service providers for availability of business functions. If this is the direction business is driving in, then it will be crucial to understand which information assets can be put in external hands and which must be retained in-house. Get this wrong and organisations may be giving their crown jewels away.
Seems to me two things leap out from the blog and show where a lot of time is being spent. One is patch. IT will always go to sea in a leaky boat and then try to fix the holes. Two is to find out ways in and try to deflect against that entry point, trusting you find that particular one the hacker is looking for first. Design out all the known types of weaknesses in the first place. Time for the old firewall paradigm to be put on the funeral pyre.
Thanks for the information. I have one question though: what is the best way of doing a cost-benefit analysis for a security solution? How does one determine if the reduction in risk is worth the cost of implementing the security solution?