In the last year we’ve witnessed a spate of cyber attacks that have dogged businesses, governments and other organisations; a trend which, worryingly, is on the increase.
Cyber attacks present a growing threat to businesses and IT infrastructures of all sizes. What we have to admit is that it’s now obvious that these attacks are no longer the preserve of a few troubled or anarchistic individuals, but a sustained, organised and sophisticated onslaught from criminals, states and other organisations designed to wage war on business and on governments.
Their targets are financial institutions, corporations and state organisations. They are stealing money, but far more importantly, they’re also appropriating ideas, blueprints, plans and strategies, the lifeblood of businesses.
Organisations have been given a harsh wake-up call with the appearance of a particularly nasty piece of rogue software – a ‘worm’ called Stuxnet that burrows into PCs and from there onto IT networks. It hides very successfully and causes huge damage to network processes and management.
A new variant, Duqu, has also been identified. These types of ‘malware’ are termed Advanced Persistent Threats (APTs) because they are difficult to find and cause damage over a long period.
According to the recent ‘Global Network Security’ survey by PricewaterhouseCoopers, only 16 per cent of companies are prepared for APTs.
As well as showing us that the instances of cyber attack are on the increase, the recent rash of high-profile breaches also shows us that the current global security system is simply unable to cope with these ever-evolving threats.
A problem that needs fixing
It’s clear from the number of high-profile breaches that the traditional approach to security is failing to keep these rapidly evolving and increasingly sophisticated threats in check. The current security landscape is facing a perfect storm of cyber threats with an ever-increasing number of Internet-enabled devices, failing governance and compliance models, and current high levels of IT complexity.
It has taken us almost 15 years to admit to the truth, but it’s clear that layered security, the security infrastructure that currently makes up the global norm, isn’t working, as it simply does not provide adequate protection. It offers ‘partial compliance’, not true security, and so we need to look for new ways in which to protect ourselves against the growing data security threats that are facing organisations.
The answer may lie inside the device
A crucial starting point for any security solution is to have a strong foundation of trust in all endpoint devices. That starts by knowing that the PC has not been changed by a third party and extends to verifying the identity of the device itself. At Wave we believe that organisations should seriously consider adding device identity as an independently managed layer to help protect their data.
This device-based security solution offers unmatched protection, particularly for modern-day organisations where workforces and their devices are mobile and move beyond the safety of the firewall. It will also play a key role as organisations continue to move towards the Cloud and prepare to face the unique security challenges that this evolution in IT infrastructure will present.
The Trusted Platform Module (TPM), a security chip attached to a computer’s motherboard, can provide this solution. It establishes automatic and transparent authentication of known network devices and users; and, because the TPM chip is physically part of the device, it’s uniquely suited for creating and verifying strong device identities and ensuring only authorised access to networks.
But this type of in-device security isn’t something for the future; it’s already here. About half a billion business-grade PCs and laptops are already equipped with the technology, and so the chances are your organisation already has the foundations to put these solutions into place. It’s perhaps no wonder then that the framework is being championed by major organisations, enterprises and governments across the globe.
A recent survey of organisations at the Trusted Computing Seminar in London indicates that 86 per cent of companies plan to explore the deployment of TPM-based solutions in 2012.
Up until now many organisations have accepted data breach and any subsequent financial loss as a ‘cost-of-business’. As a result they’ve been reluctant to explore and adopt a new security standard. However, the landscape is changing as the level of threat organisations are experiencing has risen sharply and the costs of financial theft and, more importantly, IP theft are becoming unsustainable.
It’s only a matter of time before action is taken, and very soon governments too will be demanding a compliance solution that is true and proven. In fact, the EU is already looking at data regulation and compliance, and is expected to issue much more stringent legislation in due course.