Even though, as noted, the volume of attacks on PCs has remained flat, McAfee nonetheless suggests they are becoming far more powerful, with attacks both above and below the operating system. HTML5 is becoming the preferred attack vehicle, as it lets hackers move among platforms and provides an unparalleled opportunity to gain system and information access. These attacks can drift beyond PCs and into mobile systems, below the OS, into storage systems, and even compromise the BIOS - becoming virtually undetectable in the process.
Analytics May Be Only Sustaining Defense - Cloud Providers Won't Help
McAfee suggests that the only sustaining defense will be comprehensive analytics able to detect the penetration before it compromises systems and determine, from company-wide system behavior, that a compromise has occurred by looking across the corporation. The old security solutions simply aren't up to the task, however, and the report says a much more computational, comprehensive approach will be necessary to get ahead of these threats.
While companies may wish to pass the task of worrying about these threats to cloud-based services, these services will become even more attractive targets thanks to rich customer bases and a wealth of content from those customers. Attackers will increasingly focus on breaching hypervisors to gain access to multiple companies at once and achieve criminal rewards that would make a James Bond villain proud. Because many providers lack the leverage to provide security measures in line with corporate needs, the exposures could be catastrophic at a national level.
So ... Who Wants a New Career?
After reading the McAfee report, that's what occurred to me. We're clearly unprepared for the kinds of attacks that are coming. The folks we typically look to help protect us are also penetrating our systems and aren't particularly secure themselves. The one thing that's clear: You sure don't want to do anything to make this worse. That suggests going easy with cloud services or other vendors that don't understand your security needs.
As an IT leader, you may want to suggest that security become a higher priority - not just from survey perspective, but from a funding perspective as well. Not only could your firm be the next Target, the next attack could make the Target attack look trivial by comparison.
Suddenly a job teaching doesn't look so bad. Happy New Year? Yeah, right.
Sign up for CIO Asia eNewsletters.