Cisco VP: Firms Must Stop Playing ‘Whack-a-Mole’ with Hackers

The growing number of large-scale, high-profile cyberattacks is evidence of something Martin Roesch has been predicting for several years now: the so-called industrialization of hacking. Security professionals need to respond with advanced strategies that can better defend against this new breed of attacks, said Roesch, vice president and chief architect for the Cisco Security Business Group, who was speaking Thursday at the RSA Conference taking place in San Francisco.

As hackers have become increasingly sophisticated, they've found ever more profit and opportunity in breaking into the networks of businesses and other organizations, Roesch said. It's reached a point where, today, the hacking industry is three to five times the size of the security industry, he said.

That means that security experts need to approach their defense strategies from a new perspective, Roesch said. The past approach, which involved keeping security strong enough in hopes that hackers would move on to less-protected targets, no longer works, he told the RSA audience.

Barriers To Hacking Are Low

The old way of looking at cybersecurity was, "if you just raise the bar high enough, the bad guys will go away," Roesch said. "They don't go away anymore." What's more, hackers today don't need many resources to break into the IT systems of almost any organization. "The barriers to entry are low," he said. "It doesn't take all the skills in the world to break into all the sites in the world."

It doesn't help when large, supposedly sophisticated organizations don't employ even the most basic cyber-protections, Roesch said. He cited a recent Cisco survey that found fewer than half of security professionals make use of critical security tools. Those included identity administration and provisioning, used by just 43 percent of respondents; patching and configuration for defense, used by 38 percent; penetration testing, employed by 39 percent;...
