NEW BREED OF ATTACKS NEEDS NEW APPROACH
The new breed of attacks in the last few months have been more than embarrassing for the IT world, more so the IT Security professionals. They can write endless Post Mortem reports on high profile hacks & the hackers but the landscape does not change. Lazarus is there to stay. Incremental improvements does not seem to the answer. Are we even aware of the challenge?
This question is of utmost importance to answer another critical question. If you were to know you were going to be compromised, would you have done security differently? If the answer is yes, we have a chance, if its no, we are in quicksand. If we don’t know the challenge can we respond. Industrialisation of attacks with inbuilt commercial angle, high profile attacks and the global intensity of hacks has made the life of IT security professional frustrating.
The first approach is that national security ought to be in full governmental control which entails stricter frameworks, technology & guidelines, to be scrupulously followed by IT security professionals. It cannot be left at the mercy of the private IT industry. There has been proliferation of target attacks. The hackers are there to stay. They are hired to break in.
Even the basics are not covered even now. Patching, configuration management, identity / access provisioning is also not being done. There is lot of complexity in security technology. One has 30 to 60 vendors to work with. It’s not working. How can awareness & response happen. Integrated Threat Defence Architecture may be a way out. It would be like the threat perception analysis, which is quite precise & actionable. It would be one single visibility platform. Machine learning & security data science can for sure provide the intelligence to make it real time & dynamic. It can help facilitate a systemic response. Intelligence & Integration based on unique understanding of the complete IT mechanism of the organisation is the way forward.
NEW WAVE OF ATTACKS WILL DECIDE OUR RESPONSE FOR SURVIVAL.