2006-03-01
Abstract
'Our jobs and our day-to-day successes and failures are still as much about people and what they do (and don't do) as they ever were.' Max Morris, independent author, USA.
Copyright © 2006 Virus Bulletin
I am often asked what I like about my job as director of threat intelligence services for a large banking organisation in the US. I always answer the same way: it is never dull and if you wait a week, a day, or even an hour, what you think you know and the threats for which you are prepared will always change. We are in an industry where we face a constantly evolving challenge, and one that is not for those who want an 8-to-5 job, or who need a lot of sleep.
When I think back to how the threats, industry and the tools we use have evolved, it is interesting to realise how much, in fact, has stayed the same. Although the attack vectors have become increasingly sophisticated (remember the good old days when we could simply tell users not to open emails from people they didn't know?) and the number of vulnerabilities continues to grow while the time between discovery and exploitation decreases, our jobs and our day-to-day successes and failures are still as much about people and what they do (and don't do) as they ever were.
The good news is that our tools have matured, are more widely used, and as a result, the level of protection has improved. Consumers have made strides in recognizing the importance of security and companies have dedicated more resources to developing strategies and implementing solutions to address the problem. The bad news is that, even with all of the progress we have made, it still only takes one infected laptop connecting to a company's internal network to elude all perimeter defences, or one keystroke logger to steal someone's personal confidential information and access their financial accounts.
We still fight the battle of social engineering and wrestle with people's natural curiosity and trusting natures. The same tactics that made the I Love You mass mailer and the Nigerian 419 scams successful are employed today – and still reaping the same benefits. We still deal with software that contains vulnerabilities, and have to face the complexity of patching and the struggle to get people to understand why they need to patch. When you ask users whether they patch their systems regularly, it is not uncommon to be met with a look of confusion.
We still work with the reality that, more often than not, while vendors have made strides in releasing pattern files faster, developing improved heuristics, incorporating behaviour detection and being more responsive in providing patches for new vulnerabilities, we respond reactively, not proactively, to new risks and threats.
Some things have changed. While there is still a prevalence of mass mailers that continue to be a common vector for propagation, we are seeing movement towards a stealth-like approach and more targeted attacks. In many cases adware and spyware have replaced malware as the more pressing issues to be addressed. And the type of attacker has evolved from script kiddies to perpetrators motivated by financial gain.
What does this mean for the people who use the Internet, the companies whose businesses rely on the software packages that continue to contain vulnerabilities, and you and me, the people in the trenches whose day-to-day job is to protect systems and data?
As complicated (and varied) as the answer can be, at the most basic level it is also very simple. We must continue to do what we have been doing: finding ways to improve our tools, improve our communications and think outside the box.
And while defence-in-depth layered protection, product enhancement and innovation will go a long way towards continuing to provide us with improved security at home and in business, we must keep in mind that there is no magic bullet staring at us from over the horizon and, most importantly, it will take all of us continuing to work together to fight the good fight.
As we take a collective deep breath, after having been awake for 20 straight hours, and realise that tomorrow is yet another day full of challenges to be faced, just ask yourself: would we really have it any other way?