“The general logic would say, ‘If I spent more money on security and I spent it in the right areas, then the number of breaches and compromises should be decreasing, they should not be increasing.’ And because they are increasing, organizations are getting frustrated and asking, ‘Are we doing the right things and focusing on the right areas?’”, Cole told Infosecurity.
“What I tell my clients is that a lot of the things they are doing are good things…. But in terms of stopping the attacker, you need to do the right things and understand the threats that are out there and how they work”, he added.
The way attackers are breaking into systems has changed over the last two years, he opined.
Cole said that information security threats to organizations are equivalent to the common cold. When humans have a common cold, they wait until they have symptoms before they seek treatment, and the doctor treats the symptoms.
“What has happened over the last two years is that the threat has gone from visible, disruptive low-hanging fruit to stealthy, targeted, and data focused. Reactive information security is not going to be effective because there is nothing to see”, he said.
Cole compared the new information threat to cancer: if you wait until there are visible signs, it is often too late. “Any doctor will tell you that early detection is the key”, he noted.
Similarly, with the new information security threats, organizations have to take a proactive approach. “We need to change how we look at security and start using emerging trends to better protect the enterprise”, Cole said.
The focus of the new brand of attacker is email and the browser, he noted.
Virtualization can be used as a security tool to prevent these stealthy, targeted, data-focused attacks. “What if on your desktop we run your browser and your email client in separate, virtual machines…. Now, if you open an attachment or you click on a link, you are infecting the desktop operating system and not the host. Your system is infected in a contained environment for 30 minutes not 30 days or 30 months”, Cole said.
“That is one trend we are seeing, using emerging technology in a different manner to increase the overall security of the enterprise”, Cole said.