Does IT Security Fail?

Posted by ISL Admin on Thursday, April 09, 2015

RSA, the security division of EMC, with the contribution of Northeastern University, recently published a report on the reasons why the IT security sector fails to address modern cyber attacks effectively. The report highlights the challenges faced by the industry and examines in depth the best practices an organization can adopt so that it can safeguard everything it has achieved so far. It also includes practical advice for IT security professionals, which can help them improve the strategy and tactics with which they face modern threats.

The main messages of the report:

Attacks on an organization's IT infrastructure are multiplying, and the economic damage that accompanies them is increasing.

The economic impact of these attacks is significant and tends to grow.

According to The Global State of Information Security® Survey Research 2015, the number of established attacks worldwide increased by 48%, to 42,8 million, which is equivalent to 117339 attacks per day. Since 2009, attack incidents have been growing at 66% annually. The economic losses due to detected attacks worldwide rose to US$ 2,7 million, about 34% higher than in 2013.

The report notes that the lack of awareness of risk is one of the most vulnerable points in terms of IT security in the US.

The amounts invested in cyber-attack prevention technologies (prevention-based security) are disproportionately high in relation to expenditure on solutions that can detect and adequately address these attacks. Moreover, the situation is aggravated by a "skills shortage". It is important to note that IT security should be based on adequate preparation. One needs a thorough understanding of the business processes and the entire operation of an organization, as well as the ability to collect and analyze all information related to the security of the IT infrastructure. Organizations that do not have adequate staff or experience to deal with such situations should consider whether they need to strengthen the internal IT security team, buying specialized cloud-based services to more fully protect their infrastructures.

Recommendations for better preparation against threats

The focus should now be not on which attacks are detected or how successful the effort to stop would-be intruders has been, but on who managed to escape, what may not be adequately protected, and which attacks may have gone unnoticed.

Preparation - Vigilance and sustained attention should be an inherent feature of any plan to protect the IT infrastructure of an organization. Access control systems cannot by themselves defend effectively against modern attackers, who launch attacks at high speed and draw on more and more new weapons to exploit any weakness in protective systems.
Setting priorities - Not every IT system or piece of information has the same value as another. Each organization should define what is critical for a particular function (mission-critical) and what is critical for its activity as a whole (business-critical). It should ask which attack would hold back the company's business development in the future and which would set it back many years or drive it out of the market.
Customization - Those professionally engaged in IT security should first understand the nature of the changes that have occurred in infrastructure (cloud, mobility, BYOD, etc.) and then methodically prepare a defensive plan and the corresponding tactics to neutralize new and sophisticated threats.
Light everywhere - There should be no 'dark' points in the IT infrastructure where intruders could hide or through which they could escape. Using the tools offered by modern technology, and examining the behavior of each user and each device connected to the network infrastructure, helps to better equip an organization.
Flexibility - A business cannot operate under a system of strict policing. Employees should be given freedom and flexibility, with, to some extent, respect for private activity and a sense of trust. Education and communication with staff should be continuous, so that users can understand and be ready to react properly to attacks that occur through social networks (social engineering).
