Tuesday, March 31, 2009

Security Technology Vendors, Too Little Too Late?

Implications
Information security technology vendors have been trying to catch up with the hacker community with little success in the last couple of years. Against sophisticated attacks, most of their tools are out of date the day they are released. The hacker community has become more organized and focused on its goal of quietly making money through malicious software and social engineering without advertising its capabilities. The vendor community needs to change the fundamental ways they design and produce technology, or at a minimum reset expectations on the value proposition of their capabilities, if they are to continue to drive value and not become commoditized in enterprise information technology environments.

Analysis

The hacker community of today is no longer the socially awkward but brilliant young computer science person that existed in the 80's, 90's, and early 2000's. The hacker community of today does not openly discuss its capabilities and exploits in order to gain fame. The hacker community of today is older, more patient, and understands that money is more important than fame. They also understand that the tools produced by IT security vendors are designed for the problems of yesterday and only address problems once they are widely publicized and understood. As IT departments increase the complexity and access capabilities of their solutions, and the amount of sensitive information within them, they expose themselves to vulnerabilities that have not been and may never be properly addressed by the existing IT security vendors.

Many hackers are now designing single-purpose or single-use attacks that are meant to compromise specific organizations or specific capabilities by exploiting little-known or unknown vulnerabilities. The anti-virus/endpoint protection vendors of today are not typically interested in protecting a single organization from attack, so they focus on vulnerabilities that will affect large populations of computers and users. Unfortunately, as can be seen from the recent publicly disclosed attacks that have resulted in massive losses of credit card and non-private personal information, the hackers understand this quite well and work very hard to stay under the radar of security technology vendors and their solutions.

The information technology security vendors do provide the ability to protect against the "noise" factor of well-known and identified attacks. This is important because anyone with a computer and an internet connection can type "Hack Windows XP" into a search engine and be provided with step-by-step instructions on how to carry out these types of attacks. In this way, though, the current vendor solutions are becoming commoditized. No enterprise will go without anti-virus software on its end user computers, but enterprises also realize that the benefits of this software are far diminished compared to those they realized 10 years ago.

In order for security software technology vendors to truly make an impact on cybercrime, they need to introduce tools and capabilities that help organizations assess the threats and vulnerabilities that are possible and likely in their environments, not just those that are publicized in the media or gain mass attention. This information can then become an input into a true organizational risk assessment, which will include things like operational, brand, legal, compliance, and other risk factors. This is the best way to help organizations focus their efforts and then decide on the best technologies, controls, and business processes they can introduce to effectively mitigate the risk of cybercrime affecting them in a negative way.

SOURCE: GLGROUP.COM
