I was recently reading the document created by RSA, “When Advanced Persistent Threats Go Mainstream” . It talks about the changing landscape of security, specifically regarding Advanced Persistent Threats (APTs) and how it once again has made us rethink security. Now, I am completely fine with rethinking security. I love the fact that security is constantly moving, I like to be kept on my toes but what I found most nerve wracking is that it seems the new landscaping means that we need to wave the white flag. Are we at the point that we have “given up” on security and we now want to focus on realizing the level of acceptance? Ok so I may be exaggerating a little bit but what this papers identifies is that everyone is susceptible to being attacked. The target is constantly moving and yet everyone is the target. Taking pieces from individual entities and putting them all together in order to get the full puzzle. Does admitting defeat define companies now? Does admitting you are susceptible along with hundreds of others companies make it “cool”? When it comes down to it, there are two types of companies, those that have hacked and those that admit they have been hacked.
It appears that we are changing this landscaping specifically because of the end users and their realization of security. I get annoyed when I hear others talk about the fact that security is hindering their day to day life either at work or at home. Clearly people are not getting the message. Even though their personal accounts might have been violated through other breaches such as Sony, Nintendo, and Gameloft, people are not asking for more security…. they are asking for less. Taking how the end users look at their security helps define the security policies and plans but does this new landscape change anything pertaining to the end users? I know that we can not shut down all access but I feel like we need to use the tools we have it prevent such situations. For instance, using virtual machines for individual internet surfing sessions or using virtual machines to open attachments and scanning them could be ways to reduce risk as well. We have some of the tools and we need to continue to grow our capabilities but I am not sure I am ready to wave that white flag. The fighting will make us stronger and make us smarter, we can’t back down on this challenge.