Traditional security defenses are becoming less effective against a new breed of cyber attacks, which have increased 6.5 times since 2006. We’ve moved from intrusion attacks to disruptive attacks and now we’re facing destructive threats.
According to FireEye, a US-based network security company, the new breed of attacks is able to evade signature-based defenses, and the increasing use of pattern matching is also not effective against these new threats.
Our traditional approaches just aren’t working. Some eyebrow-raising data points from the RSA Asia-Pacific conference earlier this month:
- Antivirus software only stops 5% of malware that is unknown
- 60,000 new pieces of malware are detected every day
- 9,000 malicious websites are identified per day
- 94% of all countries host malware servers (that’s 184 countries out of a UN count of 196)
- 95% of companies are impacted
- Mobile app vulnerabilities have increased 68% since 2011
- 94% of breaches are reported by a third party and take 416 days to detect
- Since 2010 the time to resolve a breach has increased 62%
Spending on IT security has more than doubled in the past ten years - with 10% annual growth in budgets since 2009 - but the problem is only getting worse.
That is hardly a surprise with corporations allocating just an estimated 3% of IT budgets to security, and of that 80-85% is spent trying to block attacks. That leaves just about 15% for detection and only 5% on response. So there is little doubt we’re spending in the wrong places.
Given the current threat environment, RSA executive chairman Arthur Coviello, Jr. says breaches are probable or almost inevitable. A hacker only needs to get through once in 10,000 tries to be effective, which is why blocking is a poor strategy.
Dan Lamorena from HP says taking control of security is mainly a budget issue. But there’s more to it than throwing money at the problem.