Three-quarters of security practitioners have no confidence in users or technology.
According to research by Bromium of 300 information security practitioners, 85 per cent felt that that their existing security technology is unable to prevent endpoint infections, and that anti-virus solutions are unable to protect against advanced targeted attacks.
Rahul Kashyap, chief security architect at Bromium, said: “The reality today is that existing endpoint protection, such as anti-virus, is ineffective because it is based on an old-fashioned model of detecting and fixing attacks after they occur.
“Sophisticated malware can easily evade detection to compromise endpoints, enabling cyber criminals to launch additional attacks that penetrate deeper into sensitive systems. The recognition that the status quo is broken is the first step toward changing it for the better.”
Elsewhere, the survey also found that 75 per cent respondents believe that end-users are responsible for their biggest security headaches. In an email to IT Security Guru, Rik Turner, senior analyst at Ovum said that he did not find these numbers all that surprising, given that security people are increasingly coming to the conclusion that breaches are inevitable, regardless of what defences you have in place.
“As for humans being the weakest link, according to 75 per cent of respondents, again that is pretty logical, given the visibility of spear phishing and watercooler-style attacks,” he said.
Speaking to IT Security Guru, Quentyn Taylor, director of information security at Canon, said that he agreed with the 75 per cent figure, as often mistakes are not deliberate; but almost all major security issues do require someone to surf somewhere where they probably shouldn’t be or click on something that they probably shouldn’t click on.
He said: “If you look at a lot of security issues in the past, then someone has had to get a human being to click an attachment or go to a website or click a link. If you can get your employees to say something, and do that regularly and reliable, you will end up with a much more secure company because then you force the attacker to attack the computers rather than the human beings as then they are attacking systems that are a lot easier to secure.
“The computers are the easy bit and do not have greed or pride. But because you cannot get away without humans, you have to consider them to be your best line of defence as there is no way of operating without them.”
