Adversaries winning cyber warfare
Failure to discover breaches is getting worse and has a meaningful impact on the cost of those breaches, says HP.
At this point in time, the adversaries are clearly winning the cyber war, as they have continued to innovate and evolve.
So said Mike Armistead, VP and GM of enterprise security products, Fortify, at HP, in a keynote address at the 8th annual ITWeb Security Summit, held at the Sandton Convention Centre in Johannesburg.
"Regardless of how much we are spending to keep the adversaries out, they are still getting in. And after they do, we are not successful at finding them. If we continue to think of our defences in a check box, technology specific and project-based, nothing is going to change for us," said Armistead.
According to Armistead, in 94% of the breaches last year, the affected organisations were notified by a third party.
He also pointed out that the failure to discover breaches is getting worse and has a meaningful impact on the cost of those breaches.
"The data is telling us that the time it takes, on average, to discover a breach is 416 days. Think about that; it is well over a year," he revealed.
"And since 2010, the time to resolve and mitigate the breaches now takes about 71% longer. And this is important because, based on a recent report that HP sponsored with the Ponemon Institute, faster identification and remediation drives significantly lower damage.
"This tells us that our adversaries are innovating. When you combine this with the increased leverage of attack tools like Zeus, or the favourite of Anonymous, Low Orbit Ion Canon or LOIC, something different is going on and we need to pay attention to these changes if we are going to improve our success rate."
However, Armistead is confident the security industry can improve its position. "I think it starts by going back to the basics and rethinking our approach. We need to assess our skills, but more importantly, I think we need to start looking at the situation from the perspective of our adversaries so that we can more effectively respond."
First, he said, the security industry needs to get a better understanding of what the market expects it to do, as well as in-depth knowledge of the adversaries.
"Our capabilities are defined by industry checklists developed by committees and our adversaries count on that. We are proud when we meet these regulatory standards. These have definitely raised the bar. They have also provided a blueprint for our defences. Consequently, our goal cannot be to aspire to the low bar if we are going to effectively fight this adversary."
Armistead also pointed out that the standardisation of security policies has done a great deal to raise the bar for the industry. However, he noted that standardised policies will continue to fail to secure the industry because they lack focus on the adversary.
"No framework discussed in committees will be able to evolve as fast as a marketplace. We need to build our response in a way that disrupts the adversary at every step of their process."
He noted that one of the main challenges the industry was facing was budgetary constraints as a result of operating in budget cycles.
Another challenge, he said, is that the security industry works with hundreds of technologies deployed across multiple internal functions that are required to work in concert to respond quickly.