The great and the good of the cybersecurity industry meet this week for the annual RSA Conference in San Francisco and, as usual, you can expect to see vendors touting their latest and greatest technologies designed to stop bad guys from compromising the businesses we all rely on day to day.
Of course the backdrop to the show is the increased sophistication and capability of the cybercriminals targeting our extended networks, and many of these criminals are looking at cyber compromise as a job rather than a hobby or something to do to boast about their skills with their friends. In many ways these people are just as professional as the thousands of cybersecurity professionals meeting in the U.S. this week.
At the same time, more and more devices and things we do are using the Internet to connect. While headlines of fridges sending spam are amusing at one level, they do indicate the growing connectivity of all sorts of devices which use the Internet to do something -- often without the security needed to prevent them being exploited at a future time. Indeed, Cisco suggests that the Internet of Things (IoT) has expanded the potential attack surface with its exponential growth to approximately 10 billion connected things -- with an expectation of 50 billion by 2020. And if you think this is unlikely, just look around your home and see how many toys, consoles and devices you have connected to the WiFi. You might be surprised.
Given this, we need a new security model to secure the Internet of Things as traditional IT security approaches to defending the boundary of an organisation are clearly no longer applicable.
Today's attackers are sophisticated and well-resourced, and will invest huge time and effort to get into a target. Once there, they will look to stay as long as possible, hidden and spreading across the extended network, which includes cloud, virtual and endpoints.
This change in attack, from 'noisy' and visible to stealthy and quiet, means we security professionals need new tools in our armoury to protect those businesses and governments we work with.
We find the best way to view security is to look at your network and defences from the view of an attacker and, rather than assuming it might not happen, assume it has already and set your plans accordingly. Indeed, the recent Cisco Annual Security Report highlighted how every business they studied showed signs of generating visitor traffic to Web sites that host malware. Ninety-six percent of networks reviewed communicated traffic to hijacked servers. Similarly, 92 percent transmitted traffic to Web pages without content, which typically host malicious activity.
So, it is happening already and today you need to manage the whole attack continuum -- before, during and after an attack. Only then can you hope to regain some of the initiative and ensure that damage to reputation and customer data is minimized, uncovered and remediated as quickly as possible.