- Cyber-Crime Remains a Jump Ahead
- Mobilization Adds New Problems
- Everything Is Vulnerable
- Old Detection Methods Outmoded
- Time Is Always of the Essence
- Traditional Safeguards Continue to Be Exploited
- Cyber-Criminals Using Coordinated Attacks
- Mobile Workers Are Increasingly Vulnerable
- Locking Down Desktops Isn’t the Answer
- Human Error Will Always Occur
Cyber-Crime Remains a Jump Ahead
Cyber-criminals are becoming more sophisticated, targeting their attacks at whitelisted vectors; after all, who wouldn’t open an email attachment from his/her manager? While employees may think they are complying with company security measures, a simple and honest mistake could compromise the entire company.
Mobilization Adds New Problems
As the enterprise workforce continues to mobilize, extending corporate information security policy to employee endpoints will require tools that transcend network connectivity, patch levels and authentication.
Everything Is Vulnerable
Each email attachment, document and Website should be construed as a set of applications running on company-owned devices. It’s quickly becoming impossible to tell the good from the bad.
Old Detection Methods Outmoded
Existing security technologies rely on detection of threats through signatures—a method that makes it impossible to block “zero-day” attacks that have never been seen before, or “polymorphic” attacks that dynamically change their signature.
Time Is Always of the Essence
The longer it takes to defeat an attack, the more damage it can do.
Traditional Safeguards Continue to Be Exploited
By using polymorphic, undetectable designs that change with every use, move slowly and exploit unpatched vulnerabilities, attackers are successfully exploiting gaps exposed by traditional and next-generation firewalls, intrusion-prevention systems (IPS), antivirus and Web gateways.
Cyber-Criminals Using Coordinated Attacks
Today’s threats are more of a series of coordinated attacks than a single binary, and use data that is easily available on social networking sites to create highly targeted, clandestine forays aimed at users who are reachable through the Web and email.
Mobile Workers Are Increasingly Vulnerable
Network-based security is ineffective in protecting mobile users. Increased employee mobility poses a challenge to traditional network security solutions; an executive working from a hotel or a salesperson connecting from a coffee shop are highly vulnerable to attacks as they are unprotected by corporate network defenses.
Locking Down Desktops Isn’t the Answer
Locking down the desktop by significantly narrowing users’ access to the Internet creates new challenges. Users rely on the Internet to accomplish their daily activities, and if they cannot get their work done through the enterprise-provisioned endpoint, they bring other devices to work and circumvent IT policy in search of productivity.
Human Error Will Always Occur
Users are only human. No matter how comprehensive an enterprise’s tools may be, an attacker can design malware to bypass even state-of-the-art detection and protection systems and trick the user into continuing the behavior that lets the attack persist.