Saturday, 10 March 2007

Some explaining, a bit less moaning...

It's just been pointed out to me that I seem to be being quite negative about security in Europe so far. OK, I admit it, the endless sales cycles and worthless PoCs may have driven me close to the edge, but it's time to haul my neck in and meditate a little on the positive side of IT security.

I could be cynical here and say "The United States": it is their endless litigation and willingness to sue their own mothers which has brought about such simple, self-enforcing regulations as the aforementioned SB1386, for example. At the end of the day, however, they are safe because they choose to be safe. We might scoff at them in Europe and accuse them of being soft and flabby, but just because we're lean and fit doesn't make us bulletproof. Ask Captain America.

The truth is, perfect security DOES NOT EXIST. It never will: as long as we are sewing up holes, a) we will be creating new ones, and b) someone will find a way in.

It is an oft-cited statistic these days that 80% of attacks are now internal. Let's examine this stat though. 80%! Wow, that's a huge number, isn't it!?
Well, what about the number 8? Is that huge?
Would you prefer to go back to a time when only 1% of attacks were internal?
What if the number of internal attacks was the same in both cases?
For the numerically challenged, let me explain. The stat sounds impressive because of what we are comparing it against: before firewalls and AV and all that jazz, our networks were getting hit many times a day by kids with computers, doing what kids with computers do, messing about.

If they could get through our measly defences, that counted as an attack. Take 792 of these in a week, and you only need 8 people going AWOL inside the network for internal attacks to make up 1% of the total. Now put in a firewall. That's most of your external attacks taken care of. Say 2 of them still manage to get through, because they are proper hackers with a knowledge of your network and your applications, perhaps. You still have exactly the same internal problem, but suddenly it's 80% of all attacks!!!

See how we've been duped by the marketing men? OK. But the point is still valid. If we're savvy enough to put firewalls and AV on our networks, we're sensible enough to know that we need to protect our data too. And if we're only protecting our networks, we're not doing enough.

