Cyber security industry experts attending the RSA conference in San Francisco this week have been urging companies to protect themselves against basic cyber-attacks, rather than attempting to prevent threats from nation-state backed hackers.
JJ Thompson, chief executive of Rook Security, said that it is a “very delicate challenge” to get right because companies are increasingly purchasing newer technologies without assessing the impact that the system will have on the company.
According to the Financial Times (FT), Thompson said he believes cyber-attacks are like a public health issue. “There are people who are going to say it should be like a vaccine: you require an MMR shot for kids before they go to school because you don’t want the absence of that vaccine to cause harm to other kids,” Thompson said.
The FT also reports that approaching cyber security in the same way as a vaccine could be the best means of prevention because companies would be encouraged to do the online equivalent of washing their hands.
Casey Ellis, CEO of Bugcrowd, a security start-up that connects companies with researchers who discover vulnerabilities in their systems, says that 90% of attacks could be prevented by taking care of basic technical issues such as keeping software up to date.
Ellis states that by “making sure you are patching your systems, you’re doing all of the simple things that you know are more about discipline than they are about any kind of creativity.”
Geoff Webb, vice president of solution strategy company NetIQ, believes that attackers are now targeting organisations one by one because they refuse to work together. “We’re really looking for something like herd immunity where organisations can actually strengthen each other as opposed to operate single weak point targets,” Webb said.
Webb also mentions that companies are obsessed with purchasing the latest security system, rather than focusing on its functionality or how it will protect employee information.
Data protection has gained a lot of attention in the cyber security industry but Thompson raises an issue with a “cyber inoculation of sorts” because he believes enforcing a security measure on every device would be “an invasion of privacy to a certain degree.”
The FT reports that companies are gradually becoming unsure of how much they should rely on police standards or the state to protect them from cyber-attacks. However, the US Congress is currently considering an Information Sharing Bill which will be Obama’s next step in cyber legislation.