The CISO of the gaming firm Electronic Arts has stated that while networks could be breached by AET and APT attacks, assets can still be protected.
Businesses should accept that their networks are susceptible to advanced evasion techniques (AETs) and advanced persistent threats (APTs), and look towards protecting specific assets to keep their brand intact.
This was the statement from Spencer Mott, CISO at Electronic Arts (EA), who told his keynote audience at Infosecurity Europe that their corporate networks could be hit at some unspecified time in the future, if they hadn't been infiltrated already.
“Networks are undefendable to AETs and APTs,” he said. “These varieties of attacks are made from loads of different strands so… if one technique fails, another route is taken to attain its end goal.
“If it's not impossible, it's still difficult to defend, despite the fact that you unplug yourself from the web because of the internal threat.”
Mott claimed all companies, irrespective of size, will be hit in time, so everyone with an ounce of IT in their business had to wake up to the threat.
“Eventually this threat is going to affect any significant business, although the large global brands with probably the most, for instance ‘interesting’, things to steal are going to be the foremost-impacted organisations,” he added.
Despite some thinking he might have been too pessimistic, Mott believed this scare tactic was one of the simplest ways for board members to understand the significance of the problem.
“I do think that specific statement about [every business being infiltrated] just encourages our CEOs to get more realistic,” he said. “This is not just a task for security teams; it's about [rebuilding] business and business processes.
“In reality, it's not relevant how big your security group is as it really is now not a central function. It's the output of each single employee and you'll go wider [to customers and partners]. The truth is that it's a completely out-weighted, undefendable position to be in.”
However, all was not lost for businesses, as despite the network being up for grabs, specific assets could still be well protected.
“Where we'd not have defendable networks, we do have defendable assets,” said Mott. “We ought to consider what we will protect and put the measures in place for that, instead of [concerning ourselves] with the undefendable.”
The CISO concluded by saying that in spite of attacks, the best thing any company can do is understand the incoming threats and do what it can to prepare and defend.
“Be capable as and when an attack occurs, from a brand perspective no less than, to teach consumers and regulators you probably did everything it's essential to to defend against it,” said Mott.
“The worst thing, no matter if you're fully defended, isn't to grasp the character of the attack and why it was successful.”