It seems like almost every week there is a new security breach in either the government or in private business. The latest had nothing to do with China; instead, it appeared to be more of a revenge attack by one baseball team on another.
Often, the focus becomes firing whoever runs the security effort. However, there is a technology that's been on the market for some time called UBA, or User Based Analysis or User Based Analytics (depending on which vendor you are talking about), that could help prevent such major breaches. But it isn't widely deployed because companies, IT organizations and security teams apparently haven't wrapped their heads around the idea that perimeter security is a fantasy; it simply isn't working and likely never has.
I recently attended an event where I was surprised to learn that of a number of companies that had deployed a UBA solution, 75 percent indicated they had caught a breach in progress with it. Makes you wonder how many breaches aren't being caught in firms that haven't deployed this technology.
It strikes me that when we see major events like this, everyone acts as if they are isolated events. Unlike stealing something material, when data is stolen it is generally copied, so folks don't notice anything missing. So you have to think, if one person could steal the data, then others could as well, and the only thing you can be certain of is that you know at least one event occurred. The reality is that there could be hundreds of similar events where the thief didn't screw up or have the need to share what he or she took publicly.
Let's talk about the real cause of the security breach tsunami, which is that we haven't really understood that our companies aren't even close to being secure.
You've already been breached
I can certainly understand that firms, after spending massive amounts of money on perimeter security, think they are secure even in the face of substantial evidence that they can't be thanks to rogue employees, access points, vendors, subcontractors, temporary workers, viruses, compromised BYOD systems and a whole host of other technology.
People and events constantly create potential freeways for information to flow out of the company on a daily basis, often unapproved. And we aren't even close to the end of the potential areas for breach. Just wait until the Internet of Things (IoT) becomes more common and we become surrounded by little devices broadcasting what they know right through our walls and potentially becoming bridges for folks wanting to virtually break into our companies.