How to limit the damage from hackers


But don’t be deceived by Whiteside’s use of the term. Sure, the nurse service is hamstrung by a number of regulatory mandates but he values standards management above any government edict.

That is a lesson more end-users – and vendors – should take to heart, says Corman of the 451 Group. He says many well-resourced organisations are falling victim to advanced malware attacks because the security industry is suffocated by a compliance focus. Corman estimates that at least half, possibly all, of the Fortune 100 have had intellectual property stolen: “We’re wildly underprepared to protect our secrets; I’m not sure anyone can protect themselves and their [intellectual property]”.

Corman has a particular distaste for the Payment Card Industry Data Security Standard (PCI DSS), a 12-step, prescriptive baseline for protecting credit and debit card information. He says that while the guidelines have helped organisations more seriously consider data protection as a business imperative, they also have boiled security down to a least common denominator.

As a result, businesses have suffered, particularly middle-market ones without the budget to buy advanced analytical and detection tools, he says: “The attacker knows you’re compliant and they do not care”.

“They’re not going to use techniques that are easily detectable by that very, very low bar. We are in serious need of an upgrade in the way we approach and do information security. There is a large gap that needs to be reassessed.”

If no action is taken – Corman believes more products need to be developed that contribute to situational awareness – the security market risks becoming a punch line. “If we’re not careful, we’re going to be the TSA (Transportation Security Administration),” Corman says. “Everyone knows the TSA is theatre but everyone in our industry thinks we’re better than theatre. Let’s stop thinking we’re going to prevent these [advanced attacks] with the current stuff.”

A game of economics

As sophisticated and well-funded as today’s adversaries are, they typically gain entry inside an organisation through the age-old tactic of social engineering. 

Copyright © 2010 Computing