Spending needed to thwart attacks

Most security issues can be contained to some extent, if companies are prepared to invest.

It's all a matter of how much you want to spend to reduce risk, says security analyst Patrick Gray.

Information security threats, such as continued cyber espionage from China and attacks using malware that wipe data off PCs, are lurking on the horizon this year.

However, security analyst and host of the Risky Business security podcast, Patrick Gray, says the information security sector is not to blame. "Most adversaries could be at least semi-contained - or at least detected after the fact - if management were happy to spend the money and allow serious controls to be implemented. It's all a matter of how much you want to spend to reduce risk."

Gray, who will be speaking at ITWeb's upcoming security summit, says, last year, people had to face the realisation that two-factor authentication is only so effective and password-based authentication is extremely unreliable.

"There were a zillion password dumps last year, including six million from LinkedIn. Two-factor authentication has become the bare minimum these days, but it sure isn't perfect."

Gray adds that the attack against Saudi Aramco was also interesting. He explains that, using some fairly unsophisticated techniques, a group of intruders - or a sole intruder - was able to wipe 30 000 of the company's 40 000 machines.

"We saw similar attacks against South Korean media organisations this year, and I think we'll see more and more of these types of incidents."

In person

At ITWeb Security Summit 2013, Patrick Gray will highlight the most interesting information security stories of 2012, and provide a hypothesis on what the rest of 2013 holds in store for the industry. The Security Summit will be held from 7 to 9 May, at the Sandton Convention Centre.

Gray points out that these sorts of attacks can be harmful: while knocking down a company and its staff for a day is an inconvenience, doing that for a week is damaging and doing it for a month is a disaster.

More of the Saudi Aramco-style attacks are on the horizon, as is continued cyber espionage from everywhere, particularly China, warns Gray. "While most countries steal secrets from each other, China steals whatever it can get its hands on from everyone."

Gray says China has taken the theft of intellectual property and business-critical information and incorporated the practice directly into its growth model. "It's going to become more and more of a political issue."
