During the last months, several companies were victims of attacks (DDoS, theft of database records, website defacement, leaks of sensitive information, etc.), and we could see at first sight how badly prepared many of them were.
Some of them have no idea what happened, and others are still trying to understand how the attacks could reach their networks.
The deal here is the following:
Those attacks aren't new. The ways to detect and protect against them aren't new either.
But those attacks are still hurting companies around the world, damaging their reputations and their business.
So, the question is:
What are we missing here?
Are we missing information? The really useful information among terabytes of network data?
Are we missing technology? Too many new types of business, too many new attack vectors, and only a few new ways to protect them?
Or are we missing priorities? Availability? Confidentiality? Integrity?
Or is it something else?
I read an interview some months ago where a CSO mentioned that he believed his organization had the right tools to protect against these "new" Internet attacks because they had just finished a company-wide deployment of best-of-breed anti-virus.
What many of us are missing is that the world has changed.
The attackers' motivation has evolved from "recognition" to "organized crime" or "digital terrorism".
The Internet is now accessible to many more people due to the advent of smartphones and tablets.
The boundaries between networks are harder to protect now: too many layers, too many access methods.
We need to rethink our security strategy.
Study the motivation of the attackers so we can properly enhance the detection capabilities of our SIEM, train the security teams to recognize the early signs of an attack, improve the related processes, establish a communication path with ISPs and government agencies, deploy evolved mitigation systems, and then test and validate all of it.
It's the basic security life cycle.
But many of us are missing it, for one reason or another.