A new approach to IT security needed

Joseph Waring
19 Jun 2013

Traditional security defenses are becoming less effective against a new breed of cyber attacks, which have increased 6.5 times since 2006. We’ve moved from intrusion attacks to disruptive attacks and now we’re facing destructive threats.

According to FireEye, a US-based network security company, the new breed of attacks is able to evade signature-based defenses and the increasing use of pattern matching also is not effective against these new threats.

Our traditional approaches just aren’t working. Some eyebrow-raising data points from the RSA Asia-Pacific conference earlier this month:

  • Antivirus software only stops 5% of malware that is unknown
  • 60,000 new pieces of malware are detected every day
  • 9,000 malicious websites are identified per day
  • 94% of all countries host malware servers (that’s 184 countries out of a UN count of 196)
  • 95% of companies are impacted
  • Mobile app vulnerabilities have increased 68% since 2011
  • 94% of breaches are reported by a third party and take 416 days to detect
  • Since 2010 the time to resolve a breach has increased 62%

Spending on IT security has more than doubled in the past ten years - with 10% annual growth in budgets since 2009 - but the problem is only getting worse.

That is hardly a surprise with corporations allocating just an estimate 3% of IT budgets on security, and of that 80-85% is spent trying to block attacks. That leaves just about 15% for detection and only 5% on response. So there is little doubt we’re spending in the wrong places.

Given the current threat environment, RSA executive chairman Arthur Coviello, Jr. says breaches are probable or almost enviable. A hacker only needs to get through once in 10,000 tries to be effective, which is why blocking is a poor strategy.

Dan Lamorena from HP says taking control of security is mainly a budget issue. But there’s more to it than throwing money at the problem.

Related content

No Comments Yet! Be the first to share what you think!