Cyber-Attackers Have Advantages, but Enterprises Must Fight Back
NEWS ANALYSIS: Most security pros believe attackers are able to dodge defenses. Companies can better protect themselves by sharing threat intel within their industries.Over the past three years, the IT security community has gradually come to the consensus that every company should assume that their systems have been breached. While the lack of faith in their technology, tools and people may, on some level, be practical, it should not be a reason to give up, security experts stress. The latest report from the Ponemon Institute released this week shows, for example, the inexorable spread of the idea of an inevitable breach. Of the more than 4,800 professionals surveyed for the report—which was sponsored by security firm Websense—51 percent believe that their security measures will not stop cyber-criminals from stealing valuable data, and another 12 percent were unsure whether their methods would be effective. In addition, nearly 70 percent of the respondents believed that some cyber-security threats escaped notice or were not dealt with appropriately, according to the Exposing the Cybersecurity Cracks report. On some level, the survey shows that IT security professionals have become more practical and are less likely to invest in a false sense of security, Jeff Debrosse, director of security research for Websense, told eWEEK. Because attackers are able to gain intelligence on corporate defenses, they have a first-mover advantage and the ability to actively look for vulnerabilities. Realizing that, makes defenders better equipped to prepare for breaches, he said. "I know that, as a practitioner, no matter what solution I deploy, no matter how high-end the solution, at the end of the day, you are still not going to get 100 percent of the things that that solution is designed to protect against," Debrosse said.
The barrage of breach news from such well-funded companies such as Adobe, AOL and Target could dishearten IT security workers. Companies continue to be vulnerable to advanced attacks, with most IT security practitioners expecting some online attacks to make it past their defenses while nearly half of executives continue to have a poor understanding of security issues, the Ponemon Institute's survey data shows.