The security landscape in 2015 is already shifting, as organizations big and small try to avoid ending up as a victim of a data breach like the one that took a toll on Sony Pictures. The impact of the Sony breach is being felt at Hewlett-Packard as the company aims to protect itself and its customers in a year that is set to bring great change.
Although changes in the market are likely in the year ahead, Art Gilliland, senior vice president and general manager of Enterprise Security Products at HP, noted that many of the attacks in recent months have stayed consistent and the Sony attack is an example of issues that have been talked about for a while.
One of those issues is the risk of co-operative attacks, where there is an adversarial entity that has an objective of breaching a specific organization.
"What is different about the Sony attack is that it is the first time that we've seen what we believe to be nation-state sponsored cyber-damage," Gilliland told eWEEK.
As opposed to being just an attack to steal information, Gilliland believes real damage was done to Sony as an act of cyber-terrorism.
The U.S Federal Bureau of Investigation confirmed on Dec. 19 that North Korea was behind the Sony attack. While the FBI has blamed North Korea, other security experts have alleged that one or more former Sony employees may have worked with the attackers.
The risk of insider threats is another key trend that concerns Gilliland. In his view, historically there has been an over-reliance on system level monitoring that is focused on protecting servers, desktops and laptops. With the system level monitoring approach, the goal is to prevent the protected systems from being infiltrated.
"Sony is just one of many that prove that method of protection isn't working, partly because of the insider problem," Gilliland said.
The reason this is such a problem is that there are users who have broad permissions to access data to do their jobs. Those users can do good work with their access—or they can do bad things.
"The change that is going to occur is that we need to be a lot more information- and identity-centric in the way that we think about security going forward," Gilliland said.