Security Think Tank: Enhanced cyber security requires change in attitude

Does the theft of $1bn from global financial firms by the Carbanak gang show it is time to seek new technologies or improve business processes?

It is time to enhance our security approach. I firmly believe this is not a problem of technology but of the security posture of a company and the attitude towards defending critical assets – in this case, money – with in-depth defence.

There are a number of technologies that, working together, can be effective and efficient in protecting against attacks. What is very much needed is a plan, a process and a systemic approach to security that considers the different phases of detection, identification, protection, eradication and recovery.

If we properly align the technologies we use in terms of privileged account management, next-generation firewall, log and event management, endpoint security and so on, and use the insights from correlating information from them all, we would have a comprehensive set of technologies working towards protecting and defending sensitive information.

This is not just about protecting money but also customer data, health records and billing information. We need to fight advanced persistent threats like Carbanak with advanced persistent security.

Cyber criminals are becoming incredibly advanced at using technology, and we must also use technology and processes to defend ourselves and to ensure that a successful attack does not mean a successful compromise.

Awareness and training are key. We need to work towards everyone in an organisation understanding the threats and the roles they play. Isaca’s Cybersecurity Nexus is helping address this by providing a holistic approach and resources for cyber security professionals at all levels of their careers.

Ramsés Gallego is international vice-president of Isaca and security evangelist at Dell Software
