Friday, November 19, 2010

New Threats Demand Organisational Changes, says IT Security Expert

The information security threat landscape has changed in 2010, taking on a highly targeted form and creating new issues for organisations. To meet this challenge head on, IT Security expert Richard Stiennon from IT Harvest USA has recommended a new organisational structure be adopted.

Speaking ahead of his presentation at CeBIT Australia’s IT Security Conference, Mr Stiennon explained it was not until 2010 that many organisations identified the changing form of threats.

“It’s only in the last 12 months that organisations have begun to realise a fundamental shift in the threatscape”

And as the types of threat evolve, the structure of a security team needs to evolve too, says Stiennon.

“New threats and new environments do require organisational changes. I think that’s what has to happen pretty quickly”

“Only through this organisational change is a company or government organisation going to get on top of this new level of threat”

Stiennon has recently released a suggested structure for a new "cyber defence team".

“I’ve recently gone public with a description of what a cyber defence team would look like. There’s three elements; there would be a research team who is responsible for understanding that threat environment, to understand what’s going on so they can translate those into what it means for their internal organisation”

“You then need an operational team who goes after already successful attacks”

“The internal operational team would work with the existing infrastructure you’ve got now for handling viruses and patch management but would look deeper into countering unique instances that have occurred”

“Then finally, a third element is essentially a ‘red team’ - people who are acting as insiders and attempting to find vulnerabilities and methods of attack before the bad guys can”

This proposed team would report to a new role, which would in turn sit under the CIO, says Stiennon.

“Then working all together and reporting up to a new role - call it a Cyber Defence Commander or something else if you don’t care for the military terminology”

“That person would be responsible probably to the CIO, for making them completely aware of not only the threatscape but the level of exposure that the organisation has”

Stiennon described the Stuxnet attacks as being a recent example of these new types of threat.

“We saw just in the last several months the development of Stuxnet, which is the very, very sophisticated attacks against some control networks inside a manufacturing facility - and possibly a nuclear refinement facility”

This new form meant that the attacker and the target took on a much more personal role, he explains.

“Now, it’s some adversary who has selected a target, which is your data and they are going to be prepared to do whatever they can to get at that data”

Stuxnet and similar attacks meant that traditional forms of protection were now no longer adequate, he said.

“It’s completely different than using classic signature based anti-virus or ITS to just protect your networks from the constant background radiation of attacks that’s always been with us”

Richard Stiennon is presenting at CeBIT Australia’s IT Security Conference, taking place on 29 November in Sydney.

This conference brings together industry leaders to exchange ideas and advice about how they are minimising security threats to their organisations while taking full advantage of today’s open and connected environment.

Find out about the program and full speaker line-up at www.cebit.com.au/it-security.
