Published on the 26/08/2015 | Written by Beverley Head
The lingo surrounding computer security has changed – it’s now all about resilience and response rather than assuring protection…
Delegates at Gartner’s Security and Risk Management conference in Sydney this week are being reminded of the high cost and potential fallout of failing to prepare for data breaches, which most organisations now consider inevitable. Crisis management should be organisations’ standard operating mode, according to Gartner research vice president Earl Perkins.
In a week when the world’s daily newspapers have been awash with articles detailing the fallout of the Ashley Madison hack, it’s a timely reminder.
Security experts now largely agree that it’s not possible to guarantee an attack can be avoided; instead, organisations are being advised to implement early detection and action plans.
The extent of the problem is regularly revealed through security analyses.
The Australian Cyber Security Centre’s recently released first unclassified threat report, for example, revealed that the national computer emergency response team, CERT Australia, had responded to 11,073 cyber security incidents during 2014. Akamai’s most recent state of the internet report released this month noted that global distributed denial of service attacks reached a record in the second quarter of the year – 132 percent more than in the similar period a year earlier.
Unwitting employees are often blamed for opening the door to security threats. Verizon’s 2015 threat review reveals that 23 percent of employees read phishing emails and 11 percent click on the attachments, rendering a business vulnerable.
Those organisations that don’t boost perimeter-style security with protection of privileged accounts are leaving themselves particularly vulnerable, according to John Worrall, chief strategist and marketing officer for CyberArk. He said that “privileged accounts are the keys to the IT kingdom.”
Banks, he said, could have as many as a million privileged accounts, retailers 800,000 – all of which could be used as entry points for attacks.
Worrall said that solutions were now available that monitored privileged account activity and could identify potentially rogue activity – from either an external or an internal source – by spotting unusual usage patterns. “If you see someone that is usually responsible for Windows machines log onto a Unix server at odd times,” then that could be a flag that something was amiss, he said.
He added that the “privileged market is just getting started” and predicted that it would undergo significant evolution over the coming decade.
But he acknowledged that there was “no such thing as 100 percent perfect security,” and that organisations needed to combine traditional protective solutions, such as firewalls, with detective systems able to spot anomalous activity in order to at least reduce their risk profile.
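Worrall’s example of a Windows administrator logging onto a Unix server at odd times can be expressed as a simple per-account baseline check. The sketch below is an added illustration, not code from the article or from any vendor product; the account names, event format and one-hour slack are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logon events: (account, platform, ISO timestamp).
HISTORY = [
    ("adm-jlee", "windows", "2015-08-03T09:12:00"),
    ("adm-jlee", "windows", "2015-08-04T10:40:00"),
    ("adm-jlee", "windows", "2015-08-05T16:05:00"),
    ("adm-rkaur", "unix", "2015-08-03T08:30:00"),
    ("adm-rkaur", "unix", "2015-08-04T17:45:00"),
]
NEW_EVENTS = [
    ("adm-jlee", "windows", "2015-08-10T11:00:00"),  # matches baseline
    ("adm-jlee", "unix", "2015-08-11T02:37:00"),     # new platform, odd hour
    ("adm-rkaur", "unix", "2015-08-11T23:10:00"),    # usual platform, odd hour
    ("adm-new", "unix", "2015-08-11T10:00:00"),      # account never seen before
]

def build_baseline(events):
    """Per account: platforms used and hours of day at which logons occurred."""
    base = defaultdict(lambda: {"platforms": set(), "hours": set()})
    for account, platform, ts in events:
        base[account]["platforms"].add(platform)
        base[account]["hours"].add(datetime.fromisoformat(ts).hour)
    return base

def score_event(baseline, event, hour_slack=1):
    """Return the list of reasons an event deviates from its account's baseline."""
    account, platform, ts = event
    profile = baseline.get(account)
    if profile is None:
        return ["no_baseline"]
    reasons = []
    if platform not in profile["platforms"]:
        reasons.append("unfamiliar_platform")
    # Simplification: usual hours are one daytime span that does not cross midnight.
    hour = datetime.fromisoformat(ts).hour
    lo = min(profile["hours"]) - hour_slack
    hi = max(profile["hours"]) + hour_slack
    if not lo <= hour <= hi:
        reasons.append("odd_hour")
    return reasons

def detect(history, new_events):
    """Baseline on history, then return (event, reasons) for each deviating event."""
    baseline = build_baseline(history)
    return [(e, r) for e in new_events if (r := score_event(baseline, e))]

if __name__ == "__main__":
    for event, reasons in detect(HISTORY, NEW_EVENTS):
        print(event, "->", ", ".join(reasons))
```

An event that trips both checks at once, as in Worrall’s scenario, is a stronger signal than either alone, and an account with no history at all deserves its own review path rather than a silent pass.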