
Security isn’t working: but it could

January 13, 2012

This article was first published by, and is reprinted here with kind permission of, Raconteur (Secure Business, the Times, 8 December 2011). For more information on special reports in The Times Newspaper, call Dominic Rodgers on +44 207 033 2106.

Security isn’t working. If it were, Sony, Mitsubishi, Citigroup, RSA, the CIA and FBI, Sega, Nintendo, Gmail and so many others would not have been hacked this year. The problem is that cyberwar is an asymmetrical war that favours the criminal, and it needs to be rebalanced.

Mark Reeves


The first thing is not to abandon what exists; business must not abandon traditional barrier defences (firewalls, anti-malware, filters, data loss prevention, encryption, access control and so on) just because it isn’t enough. On the contrary, business must redouble its efforts in layered security. “Only layered security can fully defend the corporate environment, as it’s incredibly risky to rely on just one level of protection against unauthorised access to a network,” explains Mark Reeves, SVP International at Entrust.

The second step is to abandon the traditional view, if not the traditional defences, of information security. It is not a business category that stands on its own; it is part of the risk mitigation aspect of risk management – and must be treated as part of the overall function of corporate risk.

Bruce McIndoe


Bruce McIndoe is president of iJET Intelligent Risk Systems, one of the new breed of companies that takes an holistic view of security and risk management. “Our company is founded on taking a risk management approach to the overall threat in order to provide predictive solutions rather than simple event reporting.” As mobility grows in global business, he gives as one example, so must our attitudes change. Right now, since security isn’t working, it is easier for the criminal to hack the system. But as we improve technical security with encryption and location-aware logins, then the traveling user becomes more exposed. “Criminals are going to start going after the employee rather than trying to circumvent security technically.” iJET analyses the overall threat environment around the world, then analyses corporate data exposure so that companies can focus their threat mitigation effort on their areas of greatest hazard. This is an attitude that we must develop: a predictive and holistic view of risk management – we need to get ahead of the criminals.

Nigel Hawthorn


The third step is that we need to share global threat information. The UK’s new Cyber Security Strategy is clear on this. Government will, it says, “establish a new operational partnership with the private sector to share information on threats in cyberspace.” It is less clear on how it will do so; but the model already exists. The cloud.

“What’s needed,” says Blue Coat’s Nigel Hawthorn, “is a means to exploit the power of crowds and create a system of sharing that traces threats between millions of users. Like a herd of zebra, we can be the eyes and ears looking out for new threats and keeping each other safe. A collaborative defence cloud system that joins together millions of users, to track and block the malnets that are responsible for launching attacks, will proactively protect users from future attacks.”

Those are three of the major steps that need to be taken to rebalance the battlefield and make cybersecurity work: an increase in layered traditional defences, the adoption of a new holistic and predictive risk management attitude, and the sharing of threat information on a global scale.
