“Cybercrime may now be bigger than the drug trade,” said City of London police commissioner Adrian Leppard.
Security breach announcements that were once a rarity in the non-IT world are now BBC front page news on a regular basis. Whether it’s the attack on, and successful removal of data from, a previously unknown (but now well known) dating site or the more recent attack and potentially successful data breach of a major consumer telecoms services provider, cyber attacks are the norm. Is it time to accept them as a necessary by-product of the relentless creation and consumption of digital data? Sadly, yes. But to accept that they exist does not mean accepting that an attack should be effective when there are so many steps that can be taken to reduce the potential for success. Defending and securing IT systems is not an easy task, as the approach includes people, process and systems. Keeping all three security aware and congruent at all times is a challenge, with that one “out of sync” moment being the attack window for a hacker. Do nothing or “do something but slowly” is a sure-fire way to be the next big story on the front page of the BBC news broadcast. It’s time for new thinking, new skills and better visibility EVERYWHERE or the enterprise will NEVER be secure.
Many years ago a large IT company ran a brilliant ad campaign about the need to think differently. In the case of IT systems and cyber security, thinking differently should include a rigorous appraisal of existing defences, a perspective on the most valuable digital assets within the organisation (and the additional protection they require) and, most importantly, the need for people to change the way they interact with digital systems (vigilance). To defend against an attack, it’s time to “think like an attacker” rather than work from a viewpoint that attacks follow standardised behaviour, seek random targets and lack rigour and planning. Today’s attackers or attack teams are extremely well trained, often well funded and have a razor-sharp focus on the target and expected outcome. Old school thinking based on technology will fall short in this new digital age. It’s time for new school thinking based on the psychology of an attacker, as that will surely deliver greater value (protection).
We are in the midst of an enterprise business landscape with an aging work population aligned with traditional IT skills needing to evolve to a revised “digital rich” skills portfolio. This new skillset is likely to be software influenced and will definitely drive the need to think differently, learn now and learn very differently. And to further compound matters, the emerging workforce of Generation Y and Z thinkers may not be viewing Information Technology as the “must join” profession of circa 25 years ago. Modern enterprises face the quandary of an old workforce with dated security skills, coupled with a new workforce with skills too new to make an impact – who then will solve the security challenges we currently face? Sadly, the skills problem will not be resolved overnight with a major investment in academic level cyber awareness, new age security skills training en masse for existing networking and security personnel plus enhanced employee security education as a mandatory activity within all enterprises. It’s time for enterprise organisations to encourage everyone who embraces the benefits of IT to also be part of the solution to the cyber security challenge.
There is an age-old management quote highlighting the difficulty of managing things that can’t be seen – so why believe it to be different with data and information technology outcomes? Digital data is now the DNA of modern enterprises, with the potential to ignite ongoing success or collapse an organisation to failure. Full visibility of data from edge to core, with the potential to preempt attacks or quickly remediate breaches, is now an essential element of the enterprise IT systems operational playbook. Breaches will occur in a digital data rich enterprise due to the challenge of continually appraising human, IT and non-IT systems behaviour in context and in sync. However, enhanced visibility leveraging optimised data analytics can highlight anomalies or areas for further investigation earlier, with the hope it’s early enough for the correct intervention prior to a breach. And if and when a breach unfortunately occurs, “flight recorder” type data playback of the pre and post breach state will accelerate the time to triage and remediate, plus reduce the potential for a mirrored attack. Many highlight “encryption everywhere” as one of the most impactful strategies for data protection, and the emerging and very interesting “software defined perimeter (SDP)” approach (zero trust access control and data movement), as instant fixes. There is no doubt that both will be highly effective protection elements, but only as part of a wholesale rethink of security defence, protection and breach remediation.
Enterprises MUST now change their approach and security solution expectations. The increased use of mobile solutions, cloud computing and virtualisation is not creating a problem for security professionals but instead delivering the potential to “reset” security protection and defence within the enterprise. The days of “adding more layers”, often bigger or higher than previously delivered, are no more – instead it’s time to design a solution for an enterprise in a state of continual attack, not in “comfortable defence”. Effective digital systems security WILL be a primary business enabler in the digital age, as enterprises that fail to defend well, remediate quickly and understand attacks may not survive for long enough to fully recover.
Until next time.
Chief Technologist – Networking, Security, UC – Computacenter UK
Intel’s announcement last week that the McAfee name was being retired was greeted with varied responses, but McAfee is and always was a serious security vendor, and the always connected strategy is one that plays well in the current threat landscape. At Computacenter we view security across Workplace and Datacenter, network and cloud, and as such Intel Security is one of the few vendors that can stake a claim right the way across the organisation. Visibility across this piece, with effective correlation of security events alongside the Global Threat Intelligence platform, makes Intel Security a great solution if visibility is key.
Vendors get acquired and product names change, so what’s different about Intel’s rebranding of McAfee? Well, this marks the completion of the integration of Intel and McAfee’s security organisations and brings together two logos that are synonymous with computing and security. In the same conference Intel Security Group announced their intention to make mobile security free later this year. Some components of mobile versions of McAfee software will be free to use on iOS and Android devices, while Intel will introduce Intel Device Protection technology this year to improve enterprise security of all Intel-based Android mobile devices. This move I have to applaud, as malware on the Android platform has been an issue for some time now, and it’s long been my assertion that the increased processing power and unlimited bandwidth of many phone contracts lay these platforms open to potential abuse for nefarious means.
Fear, uncertainty and doubt aside, Intel have the potential to dramatically change the threat landscape, and mitigation of the majority of malware on mobile devices is to be applauded – in the commoditised world of mobile phones, consumers shouldn’t have to worry about malware stealing information from devices that are increasingly more trusted than online banking apps in a standard browser. It does however beg the question why Windows Mobile 8 seems to be missing from the mix, and maybe the answer lies in the integrated security of the platform – only time will tell whether this becomes the next target for criminals and state hacktivists.
So what are the implications of a grown-up Intel Security proposition? 2013 was the year in which the market shifted from a prevention strategy to one of detection and mitigation – from “It’s not when you are breached but how soon you detect and mitigate a breach.” From an organisation that drives the global computing evolution I’m expecting great things – imagine a safe internet where computing environments self-heal and mitigate against a trusted baseline and where there is no scope for running malware to impact or exfiltrate information. Let’s be honest, the only thing that is probably preventing this is sheer computing power – a cohesive Intel Security strategy promises great things and I look forward to what Intel Security has in store.