Security is not a destination but a
constantly moving target. And the trick for solution providers and enterprises
is to move faster than the 'enemy'
With due apologies to the uber brands of the automobile world, there are only two types of mass-market cars (considered from a certain standpoint): those that have some security products installed and those with just plain vanilla, factory-fitted locks. Then, even among the ‘secured’ ones, there’s an entire cornucopia of fitments – gear locks, ‘hockey sticks’, central locking...the works.
Nevertheless, both types of cars get
stolen.
But if I were to ask you, Which cars get
stolen more often and in greater numbers? you would promptly answer the
question without consulting the stolen-vehicle investigation department.
Just as we try and secure our assets in the
physical world (but often end up losing them), so it is in the more subtle
realm of information flow. Companies can use the best antivirus on the market,
set up advanced firewalls or configure multiple layers of authentication, but
they may still not attain foolproof security.
Having said that, organizations have no
option but to try as many ways to protect critical information – their
life-blood in today’s competitive world – as possible. And keep at it
relentlessly, because security is not a destination but a constantly moving
target. The growing crop of thieves, hackers and anonymous groups lurking in
the darkest corners of cyberspace are always ready to raise the bar for
security vendors and solution providers by launching more and more
sophisticated attacks (sometimes with alarming success).
Consider the enormity and reach of some
recent security attacks. Around a year back, as many as 77 million Sony
PlayStation Network accounts were hacked, resulting in loss of millions of
dollars to the company as its site went down for a month. Even the top
purveyors of security like RSA and VeriSign were not immune: RSA's parent
company EMC is said to have spent over $60 million on “remediation” when a
series of “spear-phishing attacks” were launched against its employees. In
VeriSign's case, there was a debate about the extent of damage resulting from unauthorized access to the company's servers. But the point is, no-one is
spared when it comes to security breaches.
In the future, the problem is only going to
get compounded, what with the wider adoption of social media, and trends such
as Bring Your Own Device (BYOD) and enterprise mobility. Put this together with
the increasing sophistication of Advanced
Persistent Threats (APTs) and organized crime syndicates – and you have
a recipe for disastrous breaches.
There are some in the industry who think
that adopting measures such as retina scans, fingerprinting and other
biometrics will stem the tide of attacks. But there are experts who dismiss
such claims. For instance, Professor Steffen Schmidt, co-author of the book The
Silent Crime: What You Need to Know About Identity Theft, is of the view
that identify theft will only increase with technological advances.
I think we are going to have more security but never enough of it. The only thing to be sure is that, in the fast-moving cavalcade of security, there will be no time for applying brakes.
I think we are going to have more security but never enough of it. The only thing to be sure is that, in the fast-moving cavalcade of security, there will be no time for applying brakes.
No comments:
Post a Comment