Time to Refresh: Overhauling Security Technology and Systems
The recent Websense/Ponemon Institute report gave a number of poignant insights into the minds of security professionals. Possibly most telling of all was the number stating that given the resources and opportunity, they would completely overhaul their security technologies. Whilst 22 percent were confident that their existing security was strong enough in its current form, significantly more (29 percent) felt that a complete overhaul of their security systems was needed.
If we accept this number as representative of a wider global picture, then almost a third of corporate security teams consider their current security to be anything from inadequate to barely fit for purpose. This should cause great concern for these organisations, for the following reasons:
- Inadequate or 'bare essentials' security leaves an organisation vulnerable to an ever-increasing number of threats.
- Teams who perceive a lack of investment into corporate security may become discouraged that their roles and responsibilities are not being taken seriously enough.
- Projects to completely overhaul security solutions - as with any system so widespread throughout and integral to the company - will require significant resource commitment and budget.
A contributing factor to this desire to refresh security is the frequent (47 percent) disappointment in the level of protection provided by current security solutions, with only 12 percent of respondents having never been disappointed. This may be the result of a number of factors, such as:
- Perceived inadequate vendor response to latest threats
When a new threat is discovered, you want to be certain that your vendor is protecting you in real-time, or distributing the fastest possible update. Even a simple alert that your security solution does protect you or is being updated will engender confidence, whilst silence or an admission of vulnerability will promote uncertainty and concern.
- Actual failure to protect against a threat
If you are the victim of an advanced threat or data theft, you need to have a serious conversation with your vendor. Did the threat exploit a weakness, or was the product's coverage not sufficient, or not appropriate, to defend against it. It may be that your security solution covers only certain parts of the "Cyber Attack Kill Chain", and is not able to protect you against particular attack channels, such as targeted phishing attacks or the latest exploit kits.
- Legacy countermeasures not offering sufficient protection
Many organisations may still be relying on a security countermeasure that, although powerful when it was first implemented, is inadequate to cope with today's targeted and advanced threats. When industry became aware of online security issues, the focus was on anti-virus and firewalls to protect the individual and organisation. Modern security needs include protection from sophisticated web-based malware, targeted phishing attacks and data theft. If your security solution has not evolved with the threat landscape, your vulnerability is increasing with each new attack.
Encouragingly, 49 percent of respondents said that they were planning to make significant investments and adjustments to their cyber security defences in the 12 months following the report. The catalyst for this could be a recent security breach or a review of existing solutions which has highlighted deficiencies. Whatever the root cause, organisations which have committed to investment in this area should be conducting wide-ranging research, on the threats they are likely to face and the security solutions which can comprehensively protect against them. Respected and trusted industry analyst reports can provide significant support to these efforts, giving a balanced view on the strengths and weaknesses of products and vendors. However, security teams must be able to understand both their business and technology requirements, vulnerabilities and risks against the likelihood of a threat targeting their most critical assets.
It is all too easy to discount the danger of today's threat landscape, until the threat is at (or already through) our door, but it is something that no organisation can afford to be complacent about. As well as increasing sophistication, attacks occur with great frequency, particularly to the larger, most recognizable organisations. As noted by JPMorgan after their recent data breach, "Companies of our size unfortunately experience cyber attacks nearly every day." Keeping your security optimised is a never-ending process, but one that is essential to best protect your organisation, individuals and data.
I recommend that you download the 2014 Ponemon Report to see the full findings.