By Al Hartmann

Are Intrusions Inevitable?

I attended an IT security conference this week in Paris, France (“Vulnerabilities and Threats: Which Cyber-Defense?”). This event, organized by CNIS Mag (Computer, Network & Information Security), was an opportunity to engage with many security experts, listen to great guest speakers, and get a flavor of the main IT security concerns on this side of the Atlantic. Obviously it was not a surprise to notice all the attendees unanimously saying that being 100% secure nowadays was just a dream…

I was excited to confirm Ziften’s experience that for most IT security professionals, known vulnerabilities on endpoints was the number one concern, far ahead of the BYOD trend. The following facts explained in the general session and confirmed by several speakers during the final round table are more than telling:

  • 53% of endpoints in enterprises are not up to date in terms of patching (source: Check Point 2013 Security Report)
  • Despite all the defense tools already in place (antimalware, IPS, vulnerability scanners, etc.), hackers are using furtive methods to bypass them and exploit known vulnerabilities on users workstations
  • Attacks are operated is silent mode, and companies discover intrusions months later (sometime they will never know they were hacked…)
  • Generally speaking the number of intrusions are exploding
  • The number of companies already hacked without knowing is significant

Also, the concluding message delivered by the experts of this conference was very clear and direct: “Companies must accept that intrusions are unfortunately inevitable and they should prepare to face it now. They should innovate and watch new security solutions.”


Get the Blog Here