Malware Counts – Shock, Yawn, or a Useful Reminder of Today’s IT Security Reality?
November 16, 2011
5 million new threats in Q3 2011!
This was one of the hot lead statistics from the Q3 2011 PandaLabs Report released at the beginning of this month. Instead of pondering that number, I found myself pondering how the market reacts to that number as we move toward the end of 2011. Shock? Knowing nod of the head? Yawn?
When I joined Triumfant in November of 2008, the world had entered that year with less than 1 million signatures according to Symantec’s Internet Threat Report series. Those were simpler times. In 2009, the number of new signatures exceeded the number of total signatures reported in 2008. The statistics were sobering and captured the attention of the market as organizations began to internalize that the malware game had changed dramatically across multiple dimensions – volume, velocity, and sophistication. Threats were also shifting from broad, opportunistic blunt instruments to targeted attacks, some written for a single target. The term Advanced Persistent Threat moved from the MIC into the broader consciousness.
As we close out 2011, my impression is that the 5 million number by PandaLabs generates very little response and such numbers no longer resonate. Maybe these numbers have gotten large enough that they lose a sense of connection. Maybe the numbers have been overused to the point that they no longer have any impact (the marketing bashers so prevalent in IT security will quickly form a line here). Or maybe most right-thinking people have seen the weight of evidence and have accepted the new threat reality. Regardless, they appear to no longer capture the imagination.
What the numbers continue to say is that the world of IT security has changed dramatically and continues to evolve rapidly. The numbers dictate that organizations need to be open-minded to new solutions and must stay nimble to keep up with this evolution. For example, I think organizations now academically understand that the notion of the 100% shield is obsolete, but far too many still have to emotionally accept that reality and take action accordingly.
The numbers also remind us of the relentless nature of the adversary, who never stops trying to broaden the always-present gap between offense and defense. The numbers indicate that your defenses have plenty to do, so make sure that they are stood up and properly configured on every machine so as not to give the bad guys a beachhead. There is no 100% shield, but you should ensure that your shields stop what they can.
The numbers reinforce the fact that you should expect to be breached. Accept that there will be attacks written specifically to evade your shields and get to your sensitive data and IP. Think beyond shields and have rapid detection and response software in place for those times when you are breached.
In the end, the only number that is truly significant is how many breaches go undetected and result in loss of revenue, loss of customer confidence, or loss of intellectual property. All you have to do is read this very frank assessment of the cost of the RSA breach to know that the number “1” may be far more impactful than 5 million.
