Alison Higgins-Miller, Vice President, Asia Pacific, Websense, shares interesting insights into current data security solutions and security threat trends. Excerpts:
There are several organisations that do not fully trust their security programmes. How can the situation change?
Almost all of today’s cyber attacks have raised the cyber security bar through a complex set of infrastructure and tools cyber criminals use to rapidly launch new attacks and thereby evade traditional controls. The best defence is to understand malicious techniques and, likewise, organisations need to raise the bar on security defences. Websense prevented more than 4.1 billion live attacks in 2013, nearly all of which exhibited techniques to bypass traditional defences, compromise systems, and persist throughout infected networks in pursuit of confidential data. CISOs require a lot more visibility into what is happening to their sensitive data and how it is being used. One of the ways to overcome this challenge is to have a solution that is unified, dynamic in providing real time defences, and has the ability to protect against data thefts.
You mentioned that IP protection and not compliance is the primary buying driver for data security solutions. Why so?
Organisations can have dozens of entities handing down hundreds of regulations that constantly change. And their compliance policies have to go beyond their network to secure mobile users, peripheral devices, and file-sharing software. Ultimately, compliance is a way of enforcing the protection of confidential data. IP is narrowly defined as patents, trademarks and information that a legal team would protect: it essentially means the information which is really sensitive and valuable to a company. The confidential information may vary from sector to sector; for example, in the pharmaceutical industry, research data on new drug molecules discovery is sensitive; for construction and engineering companies, bid data of projects is essential; and for consumer companies, customer records and their credit card details are sensitive. The IP or sensitive data can also be extended to partner and other third-party information used in the creation of your company’s goods and services.
Exfiltration of data or IP can result in financial loss to organisations, tarnish their brand image and undermine their ability to retain people. So, it is important for organisations to protect this sensitive information to remain competitive and profitable.
Why do you think that integration of security solutions is so important?
Multiple security solutions can mean overlapping functionality, multiple vendors, and increased management. More worryingly, security threats can fall between the gaps of disparate solutions. An unified, completely integrated security solution offers a practical way to escape this dilemma. Above all, a unified content security solution will deliver better protection against advanced threats at a lower total cost of ownership. Investing in integrated security solutions comes with a future to expand security defences over web, email, data and mobile security.
Given that social components are increasingly driving business needs, how does security get affected because of this?
Many organisations today have embraced or are in the process of adopting social media platforms as a major component of their business strategy. However, these platforms give ample social engineering opportunities to cyber criminals for launching sophisticated security attacks. Hackers are now increasingly conducting reconnaissance through various social networks to gather intelligence on their potential victims. Referred to as the ‘threat kill chain’, a series of activities, executed by threat actors to penetrate organisations, are used to expand their footprint within these compromised networks, and steal valuable data.
The kill chain can be segmented into seven discernible stages to help organisations determine the most effective defence strategies: recon, lure, redirect, exploit kit, dropper file, call home and data theft.
It is crucial to understand that attackers are using sophisticated techniques to bypass defences at any or all of the seven stages, and that the further an attack progresses along the threat lifecycle, the greater the risk of data theft. Effective security in 2014 and beyond requires integrated solutions that protect not only at each individual stage, but also across the entire kill chain.
With so much focus on ‘data’, a Ponemon research study showed that 82% of respondents say their company’s leaders do not equate losing confidential data with a potential loss of revenue. Does this show lack of awareness or carelessness?
There is simply a disconnect regarding the perceived value of confidential data. Many professionals find it hard to keep track of the threat landscape and are not sure if they had been a victim of an attack. There is a gap between data breach perception and reality – specifically regarding the potential revenue loss to their business. Executives do not believe that the loss of their organisation’s confidential data could result in a potential loss of revenue which is in contrast to the recent Ponemon Institute research, which indicates that data breaches have serious financial consequences for organisations.
Companies often do not have a good understanding of the threat landscape within their organisation.
What steps can they take towards this?
Organisations need to understand the various stages of the threat lifecycle, current criminal attack apparatus and techniques, and attacker motivations as a foundation for understanding the threat landscape— both individually and holistically. They can gain deep insight into each stage of the attack lifecycle for crucial clues to understand how cyber criminals conduct their attacks, adapt them and gradually, persistently attempt to get closer to the critical data. They also need to recognise that durable protection from the simplest to the most complex new threats ultimately rests in identifying and preventing live attacks at all attack stages, effectively disrupting a criminal’s attack apparatus for both current and future attempts to steal data.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]