Security practitioners are worried about the rising number of targeted cyberattacks and the lack of the ability of existing infrastructure to detect and respond to them.
The commoditization of attack infrastructure and services in the cybercriminal underground, and the low cost and ease of launching targeted attacks, are growing concerns that require new defense strategies, Raimund Genes, CTO at security software vendor Trend Micro, says in an interview with Information Security Media Group (see: APT Attacks Will Seek Smaller Targets).
"This is really concerning for companies because the traditional tools that they use for security are now just baseline," he says. "They keep away the noise, they keep away the non-targeted stuff. But they don't work anymore against the targeted attacks." (See: 11 Steps for Building APT Resilience.)
Small and mid-sized enterprises with limited resources need to go beyond investing in perimeter security, which no longer guards against targeted attacks, and consider flexible models based on cloud technology, which can be cheaper and more resilient, he contends (see: Security Spending for the Long Term).
But in addition to sophisticated defenses, organizations must also ensure they take care of the basics, including conducting timely risk assessments, Genes stresses.
"Its more sexy to go to a conference like an RSA or a Blackhat and come back with a nice data sheet that tells you that when you buy a particular solution, you are the hero because this is the silver bullet," he says. "It is easier to sell this to the management with the data sheets, the whitepapers and the customer references and say, 'we need to invest in this,' rather than say, 'let's first get the basics right'." (See: New APT Threats Target India, SE Asia.)
In a previous interview, Genes spoke about his frustration with the industry for using so many buzzwords and the need to move beyond them. In this exclusive interview with ISMG, Genes discusses the changing threat landscape, especially in Asia and India, and the implications of targeted attacks getting less expensive to launch. In addition, he also covers a broad range of subjects within security, including:
- Effective breach notification;
- The need to get the basics right in security;
- The disruptive technologies posing the biggest challenges for security.
Genes has more than 30 years of computer and network security experience. As CTO at Trend Micro, he is responsible for introducing new methods to detect and eradicate threats and to predict movements in the digital underground with his team of threat researchers.