No matter how many news stories, warnings, alerts and highly publicized breaches we hear about, organizations find themselves living and reliving a story line straight out of the film Groundhog Day. Last week’s announcement that criminals stole data involving 4 million current and former federal employees followed the previous week’s news that the IRS had been hacked. According to the Privacy Rights Clearinghouse, 49 major public breaches representing 80,319,845 records have already taken place in 2015.
It’s becoming painfully apparent that organizations are falling hopelessly behind the security curve. It’s not that CIOs, CSOs and CISOs aren’t aware of the problem. Most simply aren’t equipped to deal with increasingly sophisticated and well-organized cyber-crooks. They lack the knowledge, skills, staff, budget or all of the above.
Consider: Most IT security professionals acknowledge they don’t know how to detect or remediate compromised cryptographic keys and digital certificates in a prompt manner, according to new research from cyber-security firm Venafi. In addition, more than half of IT security professionals admit that they cannot respond to an attack on SSH keys quickly.
As Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, puts it: “Keys and certificates are often blindly trusted, so cyber-criminals use them to hide in encrypted traffic, spoof Websites, deploy malware and steal data.”
Outside threats aren’t the only danger, of course. A just-released report from Bitglass found that 45 percent of enterprises have no idea how many insider threats exist within their organization, 70 percent of respondents said determining the actual damage of insider threats is difficult, and only 25 percent of enterprises monitor abnormal user behavior in the cloud.
Still another study from security firm Mandiant found that the median number of days that threat groups were present on a victim’s network prior to detection now stands at 205. What’s more, only 31 percent discovered breaches internally and 69 percent were notified by an external source.
Obviously, there are no easy answers. But a few things are apparent: First, enterprises must ratchet up the knowledge level and devote more time and resources to cyber-security. Second, organizations require a broader and more comprehensive framework of cyber-security tools. Strategies and solutions that were at least somewhat effective a decade ago no longer cut it. Third, there’s a pressing need for at least some national data standards to improve the current state-by-state quiltwork. Finally, organizations must adopt a more open approach to sharing news and intelligence.
Otherwise, it will be an endless Groundhog Day film loop.
Samuel Greengard, a contributor to CIO Insight, writes about business, technology and other topics. His latest book, The Internet of Things (MIT Press), is now available.