Simply Security - News, Views, and Opinions from Trend Micro

Posted on March 5th, 2012 in Reports by Simply Security | 1 Comment | Tags: Current News

Companies should be rethinking their approaches to security.

If it hasn’t already been done, the time has come for companies to crumple up their security policies and throw them in the trash, as traditional approaches to safeguarding enterprise information are no longer effective enough. More sophisticated attacks than ever seen before are wreaking havoc on enterprise networks, highlighting the need for modern practices and programs.

Overall, the increasing reliance on the Internet is rendering old data security practices moot. Cybercriminals have recognized the massive transition to the web, and are exploiting every vulnerability possible.

That, according to a recent report from the Information Security Forum (ISF), is having a severe impact on many organizations.

“Business leaders recognize the huge opportunities and benefits cyberspace offers in terms of increasing innovation, collaboration, productivity, competitiveness and customer engagement and they will continue to work hard to exploit the opportunities it presents,” ISF CEO Michael de Crespigny said. “Yet many are having difficulty determining the risk vs. reward aspect, preparing for adverse surprises and understanding that with benefits come significant risks.”

These days, companies can’t seem to help themselves. The ISF report noted that businesses are rushing to grow their online presence in order to leverage the immense opportunities that come with it.

However, these benefits are merely pipe dreams if the appropriate approach to Internet security is not taken, the organization concluded. It also found that security risks are compounded in cyberspace and threats are more serious online given their ability to “combine quickly in unpredictable and dangerous ways,” according to the report.

“Cyberspace is critical to all organizations today – from the supply chain to customer engagement – and slowing adoption or disconnecting is simply not an option,” de Crespigny added.

Since both ignoring the web and failure are out of the question, companies instead should be looking to identify the most serious threats to enterprise data and mitigate them. According to a recent report from SC Magazine, advanced persistent threats (APTs) are among the most serious cyberattacks facing companies today.

If companies have learned anything during the past 12 months, it’s that APTs are both difficult to detect and can cause untold damage to their victims. Many of the security incidents faced by the federal government – some of which are launched by rival nations – are categorized as APTs.

“[L]ong-term coordinated attacks can often exploit inadequate defenses over a period of time,” contributor Matt Ulrey wrote for SC Magazine. “In many cases, these attacks are well disguised and designed to undermine typical security controls deployed within many organizations.”

Uncovering APTs takes a revolutionary approach to data security – one that focuses on being proactive rather than reactive, the report stated. That means monitoring networks and auditing activity to uncover certain patterns across numerous applications and systems that will ultimately uncover a threat.

This requires enhanced skills and visibility that organizations should work to cultivate, Ulrey said.

“Organizations that are not proactively collecting and analyzing this information lack the visibility needed to detect and respond to threats,” he said.

Given the evolving threat landscape and the growing need to protect enterprise information, many experts have recently argued what they believe is the best approach for companies to take. Earlier this month, a separate SC Magazine report from Terry Greer-King recommended that companies take a closer look at their data.

By implementing security measures at the data level, Greer-King said, companies will ensure confidential information is protected no matter where it travels – between devices within the company or outside its walls.

Security News from Trend Micro