"[Even] the largest enterprises with the most sophisticated, "next-generation" security tools have not been able to stop the bad guys," said Amit Yoran, President of RSA. "Clearly, our adversaries are out-maneuvering and outgunning the security industry, and winning by every possible measure. Once inside an enterprise's network, they often go undetected for months or even years."
Speaking to government and private industry cybersecurity experts at the annual RSA Conference Asia Pacific & Japan 2015 in Singapore on July 22, 2015, Yoran said that the only way forward is to "change our cybersecurity mindset".
He described the legacy mindsets in security as one that displays "negligence, if not insanity." He added that he sees companies busting their budget investing in preventive technologies, as they put all their faith and trust in it - hoping that it serves as a sufficient defensive measure against cyberattacks.
"The notion that prevention will keep the bad guys out is misguided," said Yoran. "Next-generation firewalls, anti-malware technologies and the rest are all nice to have, but if you believe for one second they'll keep the bad guys out of your environment, you're asleep at the wheel."
Despite the call for a change in mindset, Yoran understands that getting people to work on changing it is no mean feat. But not changing is much harder, or at least comes at a much greater cost.
He cited a local example of the Singapore Post (SingPost), which has successfully changed its traditional mindset and embraced digital transformation to stay relevant in the industry. It is no longer operating the "old-school" way - getting customers to stand in line to get their packages weighed and stamped.
"The nearly 200-year-old national post service is reinventing itself as a modern day digital enterprise, transforming into a one-stop shop for retailers' booming e-commerce needs across Asia," he noted.
In fact, e-commerce now accounts for more than a quarter of SingPost's revenues. Besides traditional services like package delivery, SingPost also offers website development and even online marketing.
Another notable example is Australia Post, which is now working with Alibaba, a Chinese e-commerce company, to help local businesses connect with Chinese customers.
Based on these examples, Yoran lamented that the security industry is still stuck at 'selling stamps'. In a world of sophisticated advanced threats, the security industry is still selling the perimeter as the primary line of defense.
"It's not that perimenter and preventative measures are bad, it's just that they are limited by experience. They have to have seen a threat before, or have been taught about it, in order to detect it. We all know that the threats that matter most today are the ones you haven't seen before," he explained. "These tools are incapable of detecting these advanced threats which cause the most damage."
Sign up for CIO Asia eNewsletters.