Story image

Current IT security not up to the job – time to make some changes

14 Nov 17

A new report has emerged that proposes organisations need to change how they think and view data itself as an endpoint in order to improve its security.

The independent research was carried out by IDC and sponsored by Covata and stated data is an asset that is increasing in value, created and stored in a constantly growing variety of devices.

“It is also increasing in volume, its value only realised by sharing – and only with those who are authorised to view it. And yet hackers are seemingly able to steal this data with ease from those that are unable to secure it sufficiently,” the report states.

Another point alluded to in the research is the fact billions of dollars are spent around the world every year on various forms of IT security, and yet, data breaches are still happening.

“Strategies to protect data must evolve if we are going to successfully protect this valuable resource in the future,” says vice president of Security Practice for IDC APAC and  co-author of the report, Simon Piff.

“It’s clear from the almost constant barrage of headlines announcing the latest data breach that we are not able to secure this asset with the strategies we have used in the past. Perhaps by reconsidering our approach to how we think about data, we can create improved strategies to secure this increasingly valuable asset.”

Covata’s CEO and managing director, Ted Pretty shares these sentiments.

“To greatly reduce security issues, organisations should implement solutions that follow data from its creation to its end of useful life, and ensure only authorised users and processes can access, use and amend the data,” says Pretty.

“Traditional perimeter security strategies that have focused on hardening the networks and systems supporting the data, rather than the data itself, are what needs to change. A perimeter-focused strategy is no longer sufficient, and many security technologies are simply applying that same failed approach.”

In terms of what needs to be done, the report states organisations need to reconsider their overall security strategies.

The perimeter is gradually dissolving with the implementation of technologies like cloud, mobile and IoT, which means data needs to be elevated so that each data object can itself participate in the security portfolio.

As aforementioned, the report says despite the billions of dollars spent, it’s clear that the security solutions we have in place today are simply not up to the job – hence the ongoing high-profile data breaches.

“It is time to rethink how we secure the data by considering data as an endpoint with an active role to play in the overall security strategy rather than as a passive element in transactional systems … To be successful, organisations must develop a program that focuses protection capabilities on the data itself,” the report states.

Recommended actions for organisations:

  • Consider how and where the data is created, captured, transmitted and stored, and where the vulnerabilities are greatest along this value chain
  • Identify offerings that can secure that data at its earliest point of creation and throughout its life cycle, regardless of whether this is on- or off-premises
  • Realise that not all data is of the same value, and that value may differ from an internal (your own) and external (the hacker’s) point of view, and then apply the relevant levels of protection
  • Establish a process that can constantly evaluate this value based on impact to the business, impact of legislation and impact of new threats and vulnerabilities
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Ransomware infection? Here’s how you control the damage
Ransomware has evolved to be more sophisticated and targeted, and remains a threat to businesses of all sizes.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
It's time to rethink your back-up and recovery strategy
"It is becoming apparent that legacy approaches to backup and recovery may no longer be sufficient for most organisations."
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.
Companies swamped by critical vulnerabilities – Tenable
Research has found enterprises identify 870 unique vulnerabilities on internal systems every day, on average, with over 100 of them being critical.
Don’t let your network outgrow your IT team
"IT professionals spend less than half of their time at work optimising their networks and beefing it up against future security threats."