Senior management needs to face up to the fact that it could be throwing good money after bad when it comes to security investment, a senior security researcher from Kaspersky Lab has warned.
Addressing the (ISC)2 conference in Munich, David Jacoby challenged delegates to cast aside any sense of complacency they had about security, warning the audience that their management had to realise that no matter how much money companies were going to spend on security technology, they were still going to get compromised.
Furthermore, it was becoming harder to detect whether the increasing number of attacks were successful. He also added, somewhat ominously, “Often we have no idea about these vulnerabilities. We know what we should do but we [typically] don’t do it.”
Jacoby also voiced a strong opinion on the general approach to dealing with incidents, which he said was often a process of going back to square one. This was mainly because of the tendency, said the researcher, to “sometimes just fix everything. How can you solve the problem? If you don’t know what you are trying to fix, how can you get a solution,” he asked. There was a huge problem in this, he added: “We refuse to see the real problem. And then we get hacked again.”
Another reason Jacoby cited for the difficulties was that, by its nature, security was difficult to manage, and that a high percentage of currently available CE such as routers was inherently hackable due to hidden admin routines and old software.