Regardless of how long you've been involved in security and/or data protection projects, you'll have asked yourself the question "are we protected?" Furthermore, you'll have repeated that very same question each and every time you read of a similar company in your market having been compromised. In the past several years, legislation has mandated that companies publicly disclose any data breaches, which have caused some companies to cease their business entirely, grossly affected market confidence and negatively impacted overall brand value, so you are probably checking in on your security posture more now than ever before.
But how can you prevent being impacted by the increased number of threats we are seeing?
The good news--of sorts--is that threats haven't really changed since we first became more publicly conscious of data breaches. For decades we've had opportunistic attackers, script kiddies and cyber criminals, all following much the same methodologies of attack today as they did back then. We still see performance-based attacks through DoS/DDoS; we still see operating system (OS) vulnerability exploits; and we still see application attacks, albeit in far greater numbers these days. The methodology of attacks has remained very similar through the ages, with social networking still the favoured route for the majority of attackers seeking to distribute malware. Cyber criminals range from those that adopt a mass-market approach, reaching as many organisations as possible so that vulnerabilities can be exploited and the data monetized as quickly as possible, through to more sophisticated attackers. These attackers are more targeted and measured, and conduct a period of reconnaissance against their targets to identify weaknesses that are then exploited with cleverly crafted methods to exfiltrate confidential data or intellectual property, or to hold corporations to ransom. These attacks are lower in volume but yield a higher financial gain.
So why are threats seemingly getting worse, when we've advanced at a rate of knots in technology and capability when it comes to threat protection?
Many organisations have implemented a breadth of security technologies from multiple vendors to try to get one step ahead of the problem--from host-based anti-virus solutions, to gateway scanning tools to log management and monitoring products. At the same time, hackers are becoming more advanced, and organisations have yet to fully comprehend the anatomy...