If attackers want to get into an organisation’s information systems, they will, says Frank Coggrave, general manager for Europe at e-discovery firm Guidance Software.
“Many IT departments still have their heads in the sand on this issue. Either for budgetary or personal reasons, they are not willing to face the fact that current security investments are not really working or they have not been breached yet,” he told Computer Weekly.
More savvy organisations accept that, no matter how secure they think they are, some kind of breach is a real possibility. Data breaches have increased tenfold in the past five years.
The more successful organisations view attacks as inevitable. They realise defence has got to change and are looking beyond traditional security at their ability to deal with attacks when they happen.
In the past, said Coggrave, organisations relied on a herd mentality: they moved only when one member of the herd was hit. This no longer works in an era when targeted attacks are becoming increasingly common.
“We are seeing more tailored attacks for which there is no early warning because no other organisation is seeing the same attack, so the herd approach no longer works,” Coggrave said.
No business can say it is exempt from targeted attacks, said Coggrave.
“For most businesses, data is their lifeblood. If they don’t have critical information, they don’t have a business. Even a two-man building company has competitors who would like to know what they are charging,” he said.
Enlightened organisations trust no-one
At least one large UK retail organisation is in the process of pulling all its data back into a single, on-premise, self-managed datacentre, said Coggrave.
“This is almost akin to returning to the days of having a mainframe with dumb terminals as they are pulling all data off devices and implementing strict access controls,” Coggrave said. In time this will enable the organisation to support things like bring-your-own-device (BYOD) programmes in a secure way.
While this radical approach is not open to everyone, the advent of cloud computing and consumerisation has made it more difficult to defend company data, which is why all organisations need to put greater focus on defending the data itself.
Understand threat to data
With increasingly complex IT infrastructures and sophisticated attacks, there is a real need for automated responses to either quarantine the problem or eradicate it, said Coggrave.
Having recognised that breaches are inevitable, organisations need to have an effective response capability to limit the damage by reducing the time between detection and response.
Organisations need to ensure they have the capability to make sense of alerts generated by security systems and translate that into an appropriate, intelligent response, said Coggrave.
They should also have the ability to analyse an attack, understand how it got in, where it went and what it took with it. This is necessary to understand what was compromised and what data may have been lost, he said.
The ability to communicate quickly with all endpoints across a network to remove or defend against threats once they are detected is essential, said Coggrave, but most security systems offer only detection without remediation.
“Organisations need to ensure they can do both,” he said.