Approaches to security are not evolving as quickly as threats
Three key issues have to be addressed
ORGANISATIONS today face advanced and complex security threats – including nation-state attacks and well-funded cybercriminals. The threat landscape continues to evolve on a daily basis, as malware authors and cybercriminals progress in the complexity and depth of attacks they push out.
And organisations are not as effective as they used to be in fending off these threats, because their approach to security is not evolving as quickly as the threats.
It therefore comes as no surprise that there was a 48% increase in detected security incidents in 2014 from the year before, according to a study conducted by PwC.
These are the three key reasons why businesses today are struggling with security:
1) Security is incomplete
Many organisations have a disjointed, piecemeal approach to security today. Many security products have evolved only as point solutions to point problems.
For example, antivirus software was developed because viruses popped up on computers, and firewalls were created because attackers attempted to break into networks.
As new attacks emerge, businesses are constantly encouraged to purchase ‘one more’ security layer, especially by vendors pushing new technologies.
While this approach worked for a while, attackers have come too far, too fast. There are so many new threats today that organisations are unable to keep up by adding more security layers.
The result is that businesses spend too much money, time and resources to research, purchase, understand and deploy products that ultimately fail to address their needs.
2) Security is complex
Security guru Bruce Schneier once said, “Complexity is the worst enemy of security.” The statement rings true of security in organisations today, as it too often seems that advanced security means it must be difficult to use.
It is often easier for engineers to build a feature that is hard to use than one that is user-friendly. Before Steve Jobs developed the iPhone with its intuitive interface, powerful smartphones existed and some of them even had more advanced features than the first iPhone model.
It took uncommon vision to invent the iPhone and make sophisticated technology simple to use.
Security has also become complicated, due in part to the incomplete protection provided. If a product only addresses a small part of the problem, then the organisation is left with the task of figuring out how to ensure all the products work effectively alongside one another.
Each product has its own console, terminology, policies and alerts, overwhelming IT professionals, especially in small and medium businesses (SMBs).
As organisations try to make sense of disparate tools, Security Information and Event Management (SIEM) systems, which gather, organise and display alerts from several products, have emerged.
Unfortunately, this solution still requires an IT professional to go through data in search of a real danger, and that’s like trying to find a needle in a haystack.
This takes time and resources, as many organisations become plagued with false positives and, even worse, false negatives that result in IT professionals failing to notice the connection amidst all the noise.
3) Security lacks coordination
Finally, businesses face the challenge of inconsistent and uncoordinated security. This lack of consistency helps explain the failure of technology to adequately protect against coordinated attacks.
It is critical for security professionals to enforce policies consistently throughout an organisation. Yet the ‘a la carte’ nature of today’s security products makes this difficult.
For example, if an organisation does not want users to visit file-sharing websites and simply blocks those websites on the corporate firewall, users are still able to get around the block by taking their laptops home.
In another instance, a desktop manager sets policies for Windows endpoints in one product but the mobile specialist sets a separate policy for Android devices in another product, leading to inconsistency.
Products need to share a common management infrastructure: not just a console, but a shared set of policies to guarantee consistency across the organisation.
That’s not enough, though. Today, a product that focuses on endpoint protection does not know what the encryption or network firewall product is doing. This results in malware and advanced threats slipping through the gaps, exploiting the lack of coordination.
The solution is for technologies to work together, communicating and collaborating across products to better identify and respond to threats.
To truly protect organisations against modern threats, all three of these issues have to be addressed. The next generation of security has to be comprehensive, simple and coordinated.
Maxim Weinstein is the security advisor of Next-Generation End-User Protection at Sophos.