If 2014 was the year of the hack, it's logical to conclude that 2015 will be the year of fighting back. As diligently as an enterprise works to innovate groundbreaking advances in products and services, they too must work on implementing enterprise security solutions.
Recent breaches, including leaks of users' personal data and credentials from popular services like Dropbox and Apple iCloud have once again identified cybersecurity as a harrowing issue that requires immediate attention from both users and enterprises.
Rather than focusing solely on prevention, however, today's enterprises are now proactively beginning to use monitoring techniques for quick identification of and response to any kind of potential infiltration before it occurs.
In this interview, Trent Heisler, Vice President, Worldwide Sales Engineering, LogRhythm, shares his insight on the enterprise security landscape, including recommendations on overcoming such threats and ways on assessing an organisation's state of resiliency.
Trent Heisler, Vice President, Worldwide Sales Engineering, LogRhythm
What are some emerging cyber threat vectors in the corporate world today, and what do you think are the key drivers behind these threats?
Much like the game of cat and mouse, threat actors or cyber criminals are constantly evolving their tools for their malicious intents. As the world becomes increasingly connected, cyber criminals are finding weaknesses in commonly used codes as well as finding new surfaces of attack. Access to malicious software has become as easy as ordering a book on Amazon.
Fundamentally, threat adversaries in the corporate world have economical, ideological and political motivations.
- Economical - Perhaps the largest motivator for attacks is the promise of a significant financial windfall at the end of the tunnel. The RAND Corporation states that cybercrime is now more profitable than the illicit drug trade. Cybercrime is a powerful magnet attracting unscrupulous individuals, organised crime rings, and even nation states that are interested in doing 'bad' for profit.
- Ideological - The ideological criminals contain the likes of Anonymous, LulzSec and Cyber Caliphate. The types of threats range from defacing websites, a la Malaysia Airlines in January, to impacting a company's financial viability due to differences of opinion, with a perceived ethical and moral high ground.
- Political - Nation states play the age old game of wrestling for power using cyber attacks as a new class of warfare. Corporates may well become the collateral of a fallout, through intelligence collection, stifling of progression, and industrial espionage.
How do you think the "third platform" (mobile, social, big data and cloud) will transform the security market over the next few years?
As with every addition to the table, the 'third platform' will increase the surface of attack for cyber criminals.
Sign up for CIO Asia eNewsletters.