IT Security - at all costs?

14 Oct 2015
Posted by adrianb

Despite the hundreds of millions of dollars spent every year in an attempt to prevent them, security breaches affecting the personal and financial data of thousands of individuals and organisations now occur daily, to the extent that a blockbuster intrusion "smash and grab" of confidential data no longer merits many front page column inches or much disturbance of the Twittersphere.
Online banking is now known to be suffering significant losses as a result of sophisticated and widespread attacks on legitimate users, which effectively set up online banking customers' PCs to record their user access credentials.
A growing body of opinion holds that the systems and networks in which confidential information is stored and processed should be assumed to be open to unauthorised users, whether by external attack or by internal fifth columnists (both human and software).
This approach does not mean that organisations should give up on their existing IT security precautions; it means becoming more realistic about the protection these can provide.
Analogies to warfare are often used when describing IT security intrusion scenarios, and "defence in depth" is a very good example of one of the strategies likely to be most effective in the long war of attrition against fast-changing and highly mobile adversaries.
Conventional security defences must still be applied, but rationally and with thought for how breaches can realistically be managed given the resources available.