Five years ago, companies were concerned about denial-of-service attacks and the latest virus instigated by a lone hacker operating out of a college dorm. While these are still real concerns, today's landscape has become more sophisticated in both the nature of attacks and the perpetrators. Today's hackers are comprised of technically sophisticated criminals who are often part of a larger, confederated crime operation.
And they have become increasingly clever, sidestepping signature-based security through another class of threats called "ransomware," which targets vulnerabilities at specific companies, and then extorts money from them in exchange for not unleashing the ransomware. In this case, companies cannot rely on the latest signature to be developed. They are on their own to defend themselves.
Any hacker that wanted to commit real damage a few years ago would have had to have been a programming technophile to be able to develop and execute harmful viruses. Today's tools have evolved to a level of ease so that anyone with basic computer skills can learn how to build their own bot network or create virus malware.
The good news is that we have the technological capabilities and know-how at our disposal to protect our networks and infrastructure. It is a matter of understanding the measures that need to be implemented to mitigate these threats to a manageable level.
For one, there needs to be tighter cooperation between key industry, academic and governmental experts. To date, there have been numerous, successful public-private efforts established to protect cyberspace, such as CERT, a federally supported, privately administered clearinghouse for information about computer vulnerabilities. However, there still needs to be improvement, particularly at the federal level to keep the nation's agenda focused on cyber-preparedness. The recent Department of Homeland Security appointment of an Assistant Secretary for Cyber Security is a step in the right direction.
Companies also need to take a more preemptive approach to their security infrastructure. This means re-evaluating how security can be applied ahead of the threat. Instead of waiting for attacks to happen, we need to focus on prevention. There are threat research organizations that study the behavior of attacks and look at trends to better predict what will be coming down the road. This research is being used to look beyond individual instances to create technology that can stop entire classes of threats and vulnerabilities before they infiltrate our networks.
Operating ahead of the threat will also guard against the practice by which renegade researchers sell vulnerabilities they discover — be it legitimate enterprises or criminal elements. In the last few years, this has become a major issue in the industry that has to be stopped. A smarter, preemptive approach will go far in reducing the hold that vulnerability information has over the industry and its ability to empower criminals.
As exemplified by ransomware, companies cannot rely anymore on traditional signature-based security to protect themselves. Rather, they need to be thinking about how to combine the latest security intelligence, products and on-demand services to stay ahead of the threat.
One of the ways companies will be doing this over the next year is by looking at purchasing security software as a service. While security has traditionally been closely guarded and managed in-house, the movement toward preemption will make outsourcing aspects of security more attractive to many companies in terms of reducing overhead costs and ongoing management of infrastructure.
–Tom Noonan is the general manager of IBM Internet Security Systems.