
Cisco: Firms Must Stop Playing 'Whack-a-Mole' with Hackers



The growing number of large-scale, high-profile cyberattacks is evidence of something Martin Roesch has been predicting for several years now: the so-called industrialization of hacking. Security professionals need to respond with advanced strategies that can better defend against this new breed of attacks, said Roesch, vice president and chief architect for the Cisco Security Business Group, who was speaking Thursday at the RSA Conference 2015 taking place in San Francisco.
As hackers have become increasingly sophisticated, they've found ever more profit and opportunity in breaking into the networks of businesses and other organizations, Roesch said. It's reached a point where, today, the hacking industry is three to five times the size of the security industry, he said.
That means that security experts need to approach their defense strategies from a new perspective, Roesch said. The past approach, which involved keeping security strong enough in hopes that hackers would move on to less-protected targets, no longer works, he told the RSA audience.
Barriers To Hacking Are Low
The old way of looking at cybersecurity was, "if you just raise the bar high enough, the bad guys will go away," Roesch said. "They don't go away anymore." What's more, hackers today don't need many resources to break into the IT systems of almost any organization. "The barriers to entry are low," he said. "It doesn't take all the skills in the world to break into all the sites in the world."
It doesn't help when large, supposedly sophisticated organizations don't employ even the most basic cyber protections, Roesch said. He cited a recent Cisco survey that found fewer than half of security professionals make use of critical security tools. Those included identity administration and provisioning, used by just 43 percent of respondents; patching and configuration for defense, used by 38 percent; penetration testing, employed by 39 percent; and quarantining of malicious applications, which is done by 55 percent.
Such security shortcomings extend even to point-of-sale devices like electronic cash registers and payment systems in retail outlets. "Most breaches involve very simple vulnerabilities," said Charles Henderson, Vice President of Managed Security Testing at the cybersecurity firm Trustwave, in another presentation at the RSA conference. He added that point-of-sale vendors don't help the problem when they do things like use the same administrator password for their devices for years (nine years, in at least one case).
Stop 'Playing Whack-a-Mole'
Roesch said security experts need to start asking themselves what they are doing and why they are doing it. They then need to consider new approaches for fighting today's hackers.
One approach would use a more comprehensive threat defense architecture that integrates the many security solutions most organizations currently use, he said. He noted that many companies use anywhere from 30 to 60 different security tools for different applications and areas of their IT infrastructures. However, by bringing information from all of these solutions into a single visibility platform, organizations can launch responses across all systems at once, rather than one at a time, Roesch said.
"The idea is to see once, protect everywhere," he said. Greater visibility would also enable better prioritizing of responses, Roesch added. In this way, companies could make sure they focus first on the most potentially destructive breaches rather than on a host of different threats across different systems. Roesch said he believes this is "doable."
Finally, it would help to have pre-defined responses ready to prevent an unconstrained compromise to a company's networks in which "the longer you stay connected, the worse it gets," he said. Roesch compared such an approach to the fail-safe response used to protect spacecraft in flight.
"The idea is to minimize damage," Roesch said. "We need to have a better response available than playing whack-a-mole with the hackers."
