Worm Holes In The Broken Global Security Network

In the last year we’ve witnessed a spate of cyber attacks that have dogged businesses, governments and other organisations; a trend, which worryingly, is on the increase.

Cyber attacks present a growing threat to businesses and IT infrastructures of all sizes. What we have to admit is that it’s now obvious that these attacks are no longer the preserve of a few troubled or anarchistic individuals, but a sustained, organised and sophisticated onslaught from criminals, states and other organisations designed to wage war on business and on governments.

Be afraid

Their targets are financial institutions, corporations and state organisations. They are stealing money, but far more importantly, they’re also appropriating ideas, blueprints, plans and strategies, the lifeblood of businesses.

Organisations have been given a harsh wake-up call with the appearance of a particularly nasty piece of rogue software – a ‘worm’ called Stuxnet that burrows into PCs and through there onto IT networks. It hides very successfully and causes huge damage to network processes and management. A new variant, Duqu has also been identified. These types of ‘malware’ are termed Advanced Persistent Threats (APTs) because they are difficult to find and cause damage over a long period.

According to the recent ‘Global Network Security’ survey by PricewaterhouseCoopers, only 16 percent of companies are prepared for APTs.

As well as showing us that the instances of cyber attack are on the increase, the recent rash of high profile breaches also show us that the current global security system is simply unable to cope with these ever-evolving threats.

A problem that needs fixing

It’s clear from the number of high profile breaches that the traditional approach to security is failing to keep these rapidly evolving and increasingly sophisticated threats in check. The current security landscape is facing a perfect storm of cyber threats with an ever-increasing number of Internet enabled devices, failing governance and compliance models, and current high levels of IT complexity.

It has taken us almost 15 years to admit to the truth, but it’s clear that layered security, the security infrastructure that currently makes up the global norm isn’t working, as it simply does not provide adequate protection. It offers ‘partial compliance’, not true security and so we need to look for new ways in which to protect ourselves against the growing data security threats that are facing organisations.