Enterprise businesses wrestling against hackers for control of their network infrastructure are fighting a losing battle by attempting to build and manage their own security infrastructure, according to Hewlett-Packard (HP).
(The Burglar image by Eastlake Times, CC2.0)
HP South Pacific country manager for TippingPoint, Jacqueline Kernot, said that small to medium businesses couldn't possibly put into place the infrastructure required to protect against the large number of threats that exist online.
She referred to a Ponemon Institute study the company recently sponsored. It found that organisations were experiencing an average of 72 successful attacks per week, up 45 per cent from the previous year, and that those attacks were becoming more complex.
"We're moving into the bigger payload now, which is money, information and credit cards," said HP general manager of enterprise security products, Christopher Poulos.
Having more credit cards in the wild presents an interesting economic situation on the online black market, which according to HP, leads to more desperate attacks by hackers.
"Those credit card numbers are only worth about 35 cents on the market now. Hackers are needing to work harder for their money and that creates a lot of problems for everybody," Kernot said.
"As the number and different type of web attacks increase and become more sophisticated, that's becoming a real issue going forward for [businesses].
"[Spear phishing and advanced persistent threats] are becoming difficult to manage and pick up. It requires a very sophisticated and well-put-together security infrastructure to battle against them," she said.
But instead of building this infrastructure themselves, HP said there were other ways that businesses could fight back while also bring additional benefits to the business.
"Cloud offerings and services, especially security as a service within that cloud service, is the only way to address that cost effectively," Kernot said.
Additionally, HP chief technology officer for enterprise services Archie Reed said that those fighting the fight against hackers needed to consider more than just how to protect against zero-day threats — vulnerabilities that are unknown and do not yet have vendor patches or fixes.
He said that having access to an organisation that could take care of a business' security infrastructure would bring benefits, such as representing them in the development of standards, the Cloud Security Alliance and even political cooperation, most of which would be outside a small business' capabilities if they fought alone.