“There will never be “silence” in the information security world.”
As the world at large reluctantly accepts digital data flows are fast becoming as important as air (ok, that’s stretching the concept slightly but it’s not completely outlandish), protection of those data flows becomes as important as protecting any other key to life. But every day new threats appear, new security challenges become apparent and our attempts to keep them at bay continue to look futile.
Today news of a Stuxnet clone has surfaced that seems to expose links to the now infamous malware that affected SCADA industrial control systems – how long it has existed, and whether there is evidence of compromise, is unknown. IBM researchers have discovered increased coverage of the mobile banking malware Marcher, thus increasing the target landscape of unsuspecting mobile users who may succumb to fictitious notification of funds availability. And the ever-present curse of zero-day is again top of mind, with Trustwave researchers highlighting that as many as 1.5 billion unpatched devices may be vulnerable to a recently discovered Microsoft exploit.
I have highlighted just a few of the ongoing public announcements of security threat and compromise; a full chronicle would be never-ending as new information appears in real time, minute by minute. Emotionally, some may deem defence against attack a battle that cannot be won, with strong evidence to support the point, but that is potentially an oversimplification. Fundamental security principles and good practice, no different from those applied in non-information technology arenas, will help thwart attacks, increase awareness and visibility of an attack in process and accelerate remediation after attack (plus signpost future steps to realise better defence).
I started this outline with a view that there will never be “silence” in the security world, and for me long may that continue. Both users and organisations should adopt a state of ongoing vigilance and zero complacency, and never believe the security problem is solved or the battle won. Getting the basics right, improving understanding of known good states, increasing visibility and measurement of the changes of state from known states (or the highlight of unknown or inconsistent states) and taking a pragmatic approach to defence based on prioritisation of the “noise” beyond the silence will help to drive positive security solutions rather than signify problems.
Want to know more, keen to rethink security – visit the Computacenter team at Infosec Europe at Olympia London from Tuesday 7th June to Thursday 9th June, stand #E295. We look forward to hosting you and will have a team of business and technology aware security specialists available to discuss security impacts – your way. I hope to see you there.
Until Infosec at Olympia
Chief Technologist: Networking, Security and Collaboration
Not visiting Infosec this year is “not an option” – Knowledge really is power (Computacenter stand L69)
Computacenter will be exhibiting at Infosec Europe, the industry-leading “must attend” security event, this week (2nd–4th June) at Olympia, London.
Normally as Computacenter we send a delegation of sales, strategy and technology professionals to listen, observe, exchange viewpoints and take away as much security insight as is possible across “three days”. The customer benefits of Infosec are numerous but the potential to access “everything security in one location” is the one that makes it so compelling for all. This year the Computacenter approach is very different – for the first time Computacenter will be presenting from its own stand at Infosec Europe (stand L69). Why this year over previous years – with the security challenges faced by the social and professional world now regular “dining table” conversations, this year is the year all enterprises must make “right sight security, right way, right now” priority one.
Whether it’s identity theft, corporate hacking, data loss, protecting users, cyber threat or the myriad of other breaches and issues, security is the board level topic that now cannot slip down the board level agenda. This for Computacenter places security at the top of the list of customer engagement areas, which in turn means our investments in capability and solutions will positively affect the security challenges faced by our customers. As Europe’s leading systems integrator for enabling the users of enterprise customers, Computacenter is keen to help organisations tackle the security challenge head on. It’s no longer a case of waiting to remediate en masse when a breach occurs or over-equipping the enterprise with an excess of security defences in the hope that it will make breach near impossible.
Attacks are ongoing, breaches happen and even the best defence is only as effective as its last successful defence. The picture painted is now one of the need to maintain a state of continual but relevant awareness aligned with a more rigorous understanding of critical vs non-critical information assets. With an increasingly mobile, always-on workforce, a new state of security awareness and visibility is required that is very different in stance from those of past eras. The Computacenter stand at Infosec (location L69) will allow attendees to discuss datacenter grade core security and the impact on the enterprise edge of the new “work anywhere on any device” employee.
“We believe security is not a short term topic of interest but will continue to be one of the most fundamental enablers of business success or demise within modern organisations.” For that reason and many others I look forward to welcoming you to the Computacenter stand at Infosec Europe (Stand L69) from 2nd June to 4th June.
Until next time (at Infosec Europe this week)