RSA Europe 2011: Changing IT landscape requires comprehensive, adaptive security strategy

Day-two keynotes at RSA Europe. (All rights reserved by RSA Conference)

The VP and CTO of Symantec’s Enterprise Security Group began his keynote address by taking the audience through a timeline of the IT security threat landscape, starting in 1986. The first attacks focused on proof-of-concepts or on gaining individual notoriety for a particular exploit, Doherty reflected. But since 2005, new breeds of attacks are the direct outcome of our current era of cybercrime and cyberwarfare, he added.

“Unfortunately, [this] does not look like it will stop – it’s a big industry, and it’s a good way to make money”, Doherty said. He observed that organized crime, which had traditionally been involved in high-risk endeavors like drug trafficking, has quickly moved into the cybercrime realm.

He lamented that cybercrime has moved from novel concept to that of bona fide industry. “It’s a much shorter supply chain”, Doherty professed, “and you need far fewer people involved for good returns”.

Complicating this rise of the cybercrime industry, Doherty additionally identified a handful of fundamental problems – or changes – that have hit the IT landscape as of late, based on feedback from customers and others in the security industry. First was the difficulty organizations face in balancing their infosec budgets, primarily due to the fact that most IT security programs are being asked to do more than ever before while IT budgets remain flat. The second revolves around concerns over increasingly sophisticated attacks. The third was the complexity of an increasingly heterogeneous IT infrastructure – key to this change is the invasion of mobile devices within the enterprise.

Doherty then held up an iPad for the audience. “This little device has upset many of our infrastructures”, he proclaimed. “It has brought with it the demand to connect more mobile devices.”

The fourth change Doherty identified was the exponential growth in information that organizations must deal with, and therefore sift through to protect that which is critical. The last transformation he discussed was the increased impact that data breach incidents have on affected organizations. The publicity surrounding these incidents, and the potential damage to their brands, cannot be overstated, Doherty said. These impacts also have an effect on the bottom line, as budgets must make room for post-incident cleanup efforts – both technical and otherwise.

But the keynote was not a pity party for security practitioners, as the Symantec CTO offered a comprehensive framework to deal with these changes in the IT landscape. Doherty identified five areas organizations should focus on to keep pace:

  1. Manage policies; find and respond to threats. “Having good, robust policies is a good starting point”, Doherty noted, as is even the simplification of existing ones. Examine where deviations from policies have occurred in the event of a breach, he added.
  2. Protect your information. Assess which portions of your information are sensitive and protect them accordingly. Also identify business policies that are susceptible to data leaks.
  3. Validate and protect identities within your network. Protecting identity, Doherty said, is critical to protecting information.
  4. Manage systems through their entire lifecycle.
  5. Protect your infrastructure. This may be basic, perimeter-based IT security, but it is still a fundamental aspect of any comprehensive security strategy.

Doherty said an initial assessment of the different aspects of this framework can feasibly be accomplished within three months, with a subsequent revised strategy put in place by six months.
