Protecting enterprises with cybersecurity tools has been a long process, one filled with failed attempts, confusion and human error. Furthermore, many new infrastructure-as-a-service offerings are attempting to provide IT departments with high-levels of visibility across IT environments, despite the majority of modern systems being comprised of both on-premise and cloud-based data centers. Add in the popularity of bring-your-own-device policies, and IT departments have a lot of ground to cover. The good news is that nowadays there are plenty of cybersecurity solutions from third-party data center security services to end user anti-malware and virus prevention software. However, it has not always been this way. Fortunately, with a retrospective of the cybersecurity industry, many decision-makers and IT leaders can put the future of the practice into perspective.
On Dark Reading, Amit Yoran, the recently introduced new president of RSA, explained that cybercriminals have been around for a while now. In his 20 years of experience working in the incident response sector of the Department of Defense, Yoran wrote that he has seen well-designed systems fail, solid security programs manipulated and circumvented by hackers and cybercriminals plan strategic campaigns against the strongest systems for data protection. Every step of Yoran's journey through the cybersecurity industry has been marked by breaches, leading to an era in which hackers are winning the war.
The greatest failings
There certainly has not been a lack of data breaches in the past 10 years alone. Information is Beautiful created an interactive infographic detailing all of the security failings since 2004, starting with the America Online breach that occurred that year. According to the source, a software engineer from the company stole 92 million screen names and email address and sold them all.
Then, in 2006, TJ Maxx experienced the largest retail data breach to date, as hackers gained access to a store's wireless network and made off with credit and debit card information belonging to 94 million individuals across 2,500 locations, including company affiliate Marshalls, Information is Beautiful reported. The intrusions get worse from there.
The biggest credit card scam in history took place in 2008. Heartland, an independent payment processor, lost 130 million records, and the company ended up paying $110 million to settle claims. In 2012, a hacking ring targeted banks, payment processors and retail stores, making off with 160 million credit and debit card numbers, 800,000 of them containing banking information. This attack went on for eight years before it was discovered. More recently, Adobe experienced a data breach in which cybercriminals gained access to customer IDs, encrypted passwords and sensitive data related to credit and debit cards. This affected 152 million of the company's customers, according to the source. About a year later, it was discovered that hackers found their way into eBay's IT systems and databases, making off with employee and customer data belonging to 145 million individuals.
Does a checkered past lead to solutions?
The abundance of data breaches seems to have inspired organizations to implement some security measures, but many of them are either rendered pointless due to end users' failures or simply not adequate enough to address the ever-growing sophisticated threat landscape. Employees, for example, are lacking in their protection attempts. Dark Reading cited a Microsoft study that determined 10 percent of Windows 8 users are running expired antivirus software.
"Running expired antivirus software can give people the impression that it is still protecting them even if it hasn't downloaded updates in a while," Tim Rains, director of cybersecurity and cloud strategy at Microsoft, told Dark Reading. "However, data from our latest report indicates that running expired antivirus software is nearly as unsafe as having no protection at all."
This obviously puts enterprises at risk of becoming the latest victim of a data breach. However, organizations are not taking the appropriate steps, either. Yoran wrote that businesses are using antivirus software as well and only "modestly" improving upon old intrusion detection solutions. He added that a lack of visibility is also causing lapses in security. As attacks increase in sophistication and cybercriminals take their time, a compromise in security is inevitable. Essentially, organizations need to improve visibility into their corporate data centers as well as integrate cutting-edge technologies in existing systems.
The best way to attain the most optimal and innovative security technologies and reduce costs and complexities would be to work with a third-party security provider. Much like any other as-a-service solution, these companies take stress off IT departments and guarantee that offerings can scale based around the pervasiveness of threats. Third-party security providers will be able to constantly monitor data centers and corporate systems, and with this complete visibility, threats do not stand a chance. Once detected, if hackers even get through firewalls, the dedicated team of security professionals can stamp out the intrusion before any damage is done.
David Bailey is Senior Vice President at Protected Trust.
Protected Trust is a sponsor of the Print4Pay Hotel. I urge members and readers to visit their site to see their full line of products and services. More and more we need to provide well rounded strategic solutions for our customers. Protected Trust offers some unique solutions that can help us in our day to day efforts. Check them out here.
Comments (0)