IT professionals warn their management about looming IT security disasters, but say it’s the executives who fail to take action.
Last month the big focus in cybersecurity was the agreement reached between China and the United States. It’s correct to call it historic, but it would be far from correct to call it complete. There’s simply too much that the deal leaves out.
The problem is, cyber defense technologies that traditionally protected us from attack are often no longer able to do so. Firewalls, anti-malware tools and the like cannot block zero-day attacks that haven’t previously been identified. Zero-days can slip past conventional perimeter security tools undetected, and then wreak havoc inside the network.
One of the lessons from the Sony Pictures hack is that it’s easy for criminal hackers and nation-state attackers to nest within their target’s environment – and existing perimeter security and vault tools cannot prevent this.
My take is that, fundamentally, social engineering almost always works. The only hope a company has against these cyber criminals is to lock up the data they are looking for so that it is not persistently available to every employee or even those with a need to know.