The security game has changed. The simple tactics of moves and counter moves is no longer working. More businesses are being successfully attacked despite the numerous point solutions available; worse, many don't even know they have been attacked until it's too late.
The problem is that the attacks and attackers themselves have evolved. Forget the old faceless image of a socially-introvert hacker as your opponent. Today's hackers are well-oiled enterprises in their own right; and they work for money not just for sport. This has led to an increased sophistication in attacks. Some use smokescreen tactics to divert attention away from their true malicious goal; others trade and barter secret business information gleaned from social engineering.
Our modus operandi has also changed, especially in Hong Kong. With businesses asking employees to collaborate more and become mobile, many constantly share information and access key applications through a variety of constantly-connected devices. This has increased application and network security risks, and made the security walls porous.
The risk of non-compliance is another issue that keep CIOs awake through the night. With regulations becoming more stringent, businesses are hard-pressed to comply. Those who don't, not only face huge fines but risk tarnishing their reputations irreversibly.
Don't sacrifice your pawns unnecessarily
It's better to view today's security as a chess game. Your security policies and solutions are your pawns on the chess board they are constantly evolving. Reacting to your opponent's moves is not enough; it makes you defensive and blinds you from multi-modal attacks. Every chess player knows that a winning strategy requires you to nullify the opponent's strategy, prepare for counter moves and protect your king — the company data.
So why doesn't the old approach of using point solutions work? First, it comes from a militaristic point of view that assumes your business is a castle and building strong walls can thwart your attackers.
Today, however, businesses are diverse, disparate and extremely mobile. Networks lie at the heart of many businesses, enabling them to adapt to a dynamic market, exploit new and fleeting opportunities and improve operational efficiency. Clouds have also changed internal infrastructures. In the name of better efficiency and cost savings, many are adopting cloud-driven application delivery models to be more agile.
All these changes mean that vulnerability against network threats — such as DDoS and DNS attacks &mdash- have increased exponentially. A single network outage can not only bring businesses to their knees, but open a gaping hole for intruders to create backdoors or even steal secrets.
Access security, once seen as an option, has also become mandatory. With employees working from disparate locations and becoming increasingly mobile-driven, who gets access to which applications becomes important. Without a good access management system, businesses are vulnerable to attacks from both insiders and outside hackers.
Sign up for CIO Asia eNewsletters.