Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Cyber Failures Spark Search for New Security Approach

WASHINGTON – With cybersecurity’s most glaring failures in the limelight, many experts say it’s time for a new approach.

WASHINGTON – With cybersecurity’s most glaring failures in the limelight, many experts say it’s time for a new approach.

In recent weeks, the security community has been rocked by news of a massive breach at online giant eBay affecting as many as 145 million customers, following another that hit as many as 110 million at retailer Target.

A US indictment earlier this month accused members of a shadowy Chinese military unit for allegedly hacking US companies for trade secrets, a charge denied by Beijing.

The incidents highlight huge gaps in cybersecurity, or the ease in which malicious actors can break into a single computer and subsequently penetrate a network or cloud.

“The old model (for cybersecurity) doesn’t work,” said James Lewis of the Center for Strategic and International Studies.

“It is getting worse and getting out of control… One of the dilemmas is that when people have a choice between security and utility, they often choose utility.”

A survey released Wednesday by the security firm Trustwave said it identified 691 breaches across 24 countries last year, with the number of incidents up 53.6 percent over 2012.

“As long as criminals can make money by stealing data and selling that sensitive information on the black market, we don’t expect data compromises to subside,” the report said.

Advertisement. Scroll to continue reading.

Much of the problem stems from so-called “phishing” attacks in which emails are disguised as coming from a trusted person.

When links are opened, hackers can install malicious software allowing them to control a computer, and potentially an entire network.

A report by security firm Symantec found a 91 percent increase in targeted “spearphishing” attacks in 2013 and said more than 552 million identities were exposed via breaches.

IBM recently unveiled a new cyber defense system aimed at thwarting attacks before they happen, with predictive analytics.

Symantec suggests a similar approach touting its platform “that aggregates and correlates unfiltered alerts from a diverse set of technologies, harnessing global threat intelligence to detect traffic patterns associated with malicious activity,” according to a blog post by Symantec’s James Hanlon.

Hardware Security Approach

But others in the cybersecurity community dispute that approach.

The idea of predicting and halting attacks “is utter nonsense,” said Simon Crosby co-founder of the security firm Bromium, which uses a hardware-based solution that isolates computers to prevent the spread of an infection.

Crosby told AFP he views as unlikely “the ability to pick through the noise to find a bad guy before he does bad thing.”

He said Bromium offers a better solution “by making the system defend itself by design.”

Johannes Ullrich, a researcher with the SANS Institute, said hardware isolation “is a solid approach,” but just one of many new options being explored.

Ullrich said that in hunting for malware, “you cannot come up with a list of everything that is bad, but what you can do is enumerate what is supposed to be there.”

This “white list” approach has a higher chance of success, Ullrich said.

‘Hunting Ghosts’

The old notion of using anti-virus software, which updates itself based on new malware “signatures,” is rapidly losing credence.

A 2012 study by the security firm Imperva said most software only detected around five percent of malware. Another firm, FireEye, concluded last year that 82 percent of malware disappears after one hour and 70 percent exists just once.

“With the half-life of malware being so short, we can draw the conclusion that the function signature-based AV (anti-virus) serves has become more akin to ghost hunting than threat detection and prevention,” said a blog post by FireEye’s Zheng Bu and Rob Rachwald.

Ullrich said that over time, companies need to invest more in information security and develop strategies before the problems subside.

“Security will never prevent every single breach,” he said. “You want to keep it at a manageable level, to stay in business. That’s what security is all about.”

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...