Over the past few weeks, I have been watching some interesting articles trickle across my screen as I peruse industry news. Dark Reading has been posting recaps of significant security attacks and breaches from 2012 as they review the year. Each one of these articles (and this is just one source of industry news) captures security threats in their worst form – the aftermath. Just a sampling of topics to think about:
Insider Threats: “Five Significant Insider Attacks Of 2012” highlights the challenge of managing insider threats. This is a serious challenge since the problem hinges on something many companies truly take pride in – their own employees.
Malware:Malware in 2012 saw a vicious and ominous turn. Malware is no longer the random act of some programmer striving for short-lived and notorious programming street cred. Malware has become the tool of choice for calculated, nefarious crimes.
Data Breaches: Another article, “10 Top Government Data Breaches Of 2012” focuses on the government breaches but highlights just how serious some of these breaches can be in compromising personal information. Healthcare information faced the same serious threats as reported in another Dark Reading story “Most Healthcare Organizations Suffered Data Breaches“. There are other massive data breaches reported in 2012 and these articles are just slivers in the big picture.
What does this mean as we head into 2013? It means that the “incident response” plans that were drawn up, tested, implemented and put up on the shelf a few years ago are not prepared for this new battleground. Security threats – from hacktivists to criminal organizations to state entities – have more tools, techniques and attack vectors than ever before. Just like when the first trebuchet and catapult arrived on the scene outside the castle, it is that time, once again, when the defenders need to re-think their fortifications, evaluate the ramparts and re-invent defenses and lines of resistance.
In the next few blogs, I will discuss the attributes of the “next generation of security operations”. The tenets are simple:
Increase visibility across the enterprise to identify active threats quickly;
Understand the business impacts to better respond; and
Utilize resources to the fullest.
To further my castle analogy, we need to arm the lookouts with telescopes to see the catapults being moved on the battlefield sooner. We need to know where the castle walls are the thinnest and most vulnerable while understanding where the crown jewels are secured. We need to marshal the foot soldiers to the right rallying point to meet the enemy. This is the new paradigm of security operations. The ‘incident plan’ of the past needs to evolve if we want to change the outcomes of the stories I referenced. I would hate to be sitting in January 2014 reading some of these same types of articles. It is too depressing of a way to start off the year. However, with the right strategy, 2013 can be a year of change for security operations.