An intelligence-driven security model, comprising of pervasive monitoring and intelligence sharing, is the way forward for the battle against sophisticated cyber attacks, speakers said at the RSA Conference Asia Pacific held in Singapore yesterday (5 June 2013).
Many organisations today operate IT security models that rely heavily on traditional perimeter-based defences, making it nearly impossible for them to anticipate or spot unknown threats, said Art Coviello, executive vice president of EMC and executive chairman of RSA.
There are already groups such as non-profit organisation InfraGard that promotes trusted sharing of intelligence, vulnerabilities and solutions, according to Masagos Zulkifli, Singapore's Senior Minister of State for Home Affairs and Foreign Affairs, who spoke at the event.
"The industry must recognise that true strength against cyber threats lies in close cooperation," said Zulkifli.
"You see the same attacks that keep repeating because no one is sharing intelligence," said Tim Belcher, chief technology officer, RSA. However, there are positive instances where banks come together to share intelligence on information such as active fraud threats, he said.
Law enforcement agencies are also working together sharing information to combat cyber crime. "With an estimated 14 people per second falling victim to cyber crime, it is essential for a global alliance of efforts, to close the gaps that cyber criminals use to advantage," said James Pang, assistant director of the Digital Crime Investigative Support Sub-Directorate, INTERPOL Digital Crime Centre.
INTERPOL is setting up a Global Complex for Innovation in Singapore next year to facilitate international police cooperation to fight cyber crime.
And for RSA, the key to an intelligence-driven security model is the use of big data analytics.
"It is about analysing vast and complex data sets at high speed that, in our case, will allow us to spot the faint signal of an attack. Because at some point, no matter how clever the attacker, they must do something anomalous," said Coviello.
But what about fears that big data tools are expensive? The benefits far outweigh the initial costs, explained Belcher. "Your training costs go down because the same system can be reused and leveraged for different problems. You don't have to react to individual gaps by going out to buy specific products," he said.
Sign up for CIO Asia eNewsletters.