It’s the beginning of a new year for much of the world, and many will embark on an evaluation of their security risks for the coming year.
There are two common industry themes I’ve been seeing emerge, which have widespread relevance for security professionals everywhere:
- First, the slow but steadily increasing sophistication and stealthiness of the attacks, exploits and malware used – many organizations don’t know that they’re hacked until the attack is disclosed by a third party (sometimes the hackers themselves!)
- Increasingly more disciplined, driven and innovative attackers, who are willing to invest the time and resources needed to defeat traditional security measures. They often target marketable data that they can then sell to the highest bidder.
In my latest SecurityWeek column, I talk about why I think that these trends will lead to an increase in targeted attacks against data centers over the next few years.
Here’s an excerpt:
When asked why he robbed banks, American bank robber Willie Sutton famously replied, “because that’s where the money is.” Data centers are attractive for the same reasons – because that’s where the data (and the source of money) is. How ironic that just years ago, few businesses even had a data center firewall. Today, if you’re consolidating data centers, working on a data center infrastructure refresh or building a private cloud, security needs to be a key part of your data center strategy. The trend for 2013 and beyond will certainly be more data center attacks.
Headlines over the last couple of years have very clearly demonstrated the new world order for attacks. Attacks are now stealthy, sophisticated, multi-vector attacks, and very damaging. The main catalyst for the change has been with the “actors”. As the attacker community evolved from hackers (with aspirations of notoriety) to organized crime members, hacktivists and nation-states, the targets have fundamentally changed.