Archive | May 30, 2012

“Is my data safe – are my systems secure”. Knock once for Yes and twice for No

IT security infrastructure and associated services aim to deliver the secure computing outcomes expected by enterprise organisation. Put simply via effective use of polices, process, IT security platforms, intellect and a little bit of luck organisations and their customers trade and interact in a secure manner.

But do they really? If 2011 was the year of the hack, 2012 is already becoming the year of the advanced attack. The security threat is no longer one of simple endpoint viruses or malware (even though they still exist), but one of advanced threats and attacks with a level of sophistication that makes them difficult to detect. The term APT (advanced persistent threat) seemed to be a marketing term to sensationalise and align real focus to the new wave of multi vector attacks. But no sooner had we branded them, the innovation within the attacks in question has increased.

The new kid on the block is allegedly “Flame“, a virus claimed to be the most complex malware ever found. Threat analysts worldwide have positioned “Flame” as potentially another nation state style malware vehicle that steals carefully selected data (Stuxnet was allegedly another), with a level of sophistication that may take years to analyse and understand.

In the past, this could be ignored as one of those IT systems, or technology based problems that the IT team should solve (and are paid to solve) so deemed less of a priority amongst the non technical community. But with so many high profile names (including Government bodies) now regularly appearing on BBC news apologising for data loss means it may not only be happening by stealth within your organisation, it may be happening as you read this blog (as the best malware isn’t designed to be easily found).

Does that mean it’s time to admit defeat and prepare your apology (and potential resignation letter). Absolutely not – now is the time to challenge even your most secure environment and ask yourself that worrying question “Is my data secure”? Can you really answer “Yes” with confidence?

Enjoy the Queens Jubilee weekend (and keep safe)

Until next time.

Colin W

Twitter: @colinwccuk

%d bloggers like this: