Channel must plug security perception gap

Company bosses are making the mistake of thinking they have decent data protection when all around them the threats multiply and become more sophisticated

At this time of year quite a few of the security vendors issue reports covering the state of the market and their predictions for the year ahead with the aim of making sure the issue remains in the spotlight.

Ironically the release of reports from Cisco, Appriver and some others coincided with US President Barak Obama talking about the need for better cyber security protection giving the subject global headlines.

Away from the need for countries like the US and UK to protect themselves against nation state and cyber terrorist attacks there continues to be a campaign by the security industry to educate enterprises and individuals around the dangers they face.

The Cisco 2015 annual security report  found that only 41% of firms in the UK had sophisticated security in place, which was a lower level than both the US and India, and user naivety continues to be a major source of introducing problems into the network.

The vendor noted that more attacks are now happening at a web browser level and even when there has been a high profile vulnerability exposed, like OpenSSL and Heartbleed, many firms have failed to patch those problems.

The message from Cisco was for security to become more of a board issue and for it to be weaved into every part of the business to make sure that it enabled rather than blocked people from working flexibly.

There were worries that a perception gap was opening up where there was a dangerous perception that the protection was in place and running efficiently when in reality there were still gaps that cyber criminals could exploit.

“Security needs an all hands on deck approach, where everybody contributes, from the board room to individual users. We used to worry about DoS, now we also worry about data destruction. We once worried about IP theft, now we worry about critical services failure. Our adversaries are increasingly proficient, exploit our weaknesses and hide their attacks in plain sight," said John Stewart, senior vice president, chief security and trust officer, Cisco.

"Security must provide protection across the full attack continuum and technology must be bought that is designed and built with that in mind.  Online services must be run with resiliency in mind, and all of these moves must happen now to tip the scales and protect our future.  It requires leadership, cooperation, and accountability like never seen before in our industry," he added.

Hot on the heels of the Cisco report came one from AppRiver which produced its year-end global security report noting that the number of viruses that were contained in attachments doubled from 2013 and spam continued to be a major problem with 5bn sent in just the single month of March.

The report came out with the Sony hacks, believed to have originated from North Korea, still fresh in their minds and AppRiver noted that the response to that attack had come from the President himself.

Speaking in his State of the Union address this week Obama again highlighted cyber security, just days after he had met UK Prime Minister David Cameron and pledged to work more closely to fend off attacks.

Dwayne Melancon, CTO of Tripwire, said that there was an opportunity for the government to take a lead and set the agenda around cyber security that would benefit the country.

”If the U.S. government were to do one thing in 2015 that would make a significant difference in our cybersecurity preparedness it would be to create a standard of due care that would allow companies to objectively evaluate their current cybersecurity investments and make strategic decisions about how to improve them. The problem is that the expectations of what is ‘enough’ cybersecurity protection are very vaguely defined," he said.

There are more global annual security reports in the pipeline with some being published next week and they will show that attacks are on the rise and becoming more sophisticated.

The challenge for the security channel is to react to the information that is coming out of vendors and government and encourage their customers to review their approach to data protection.  

The most worrying finding from this week's output is not just that attacks are on the rise but that some firms believe they are doing enough to counter them when in reality they are still leaving plenty of weak links in the infrastructure.

Read more on Threat Management Solutions and Services