
Offensive line: Fighting back against hackers

Posted on June 4, 2012
by l33tdawg

Joel Yonts, the CISO of a Fortune 500 automotive supply company, isn't pleased with many of his peers. Their complacency and timidity around security is widening the chasm between victory and defeat by an ever-growing margin, and simply put, the losses really are piling up. 

In security, where the threats evolve on an almost daily basis, most organizations – even ones operating the most proficient networks – seem content with the traditional perimeter-based, compliance-focused approach of battling the enemy, Yonts says. Such block-and-tackle tactics, as they are known among security pros, may work against the so-called low-hanging-fruit threats – things like SQL injections and common trojans – but they hit a brick wall when it comes to dealing with more sophisticated weaponry, like espionage malware.

“I am tired of [hearing], ‘We are defending at the gate and we are winning,’” says Yonts, 40, the CISO since 2006. “No, we're just letting the attackers attack us as many times as they want until they get in.” He blames this inherent defect on an industry where security programs largely have been built under the guidance of audit firms, which place heavy emphasis on meeting compliance mandates, such as Sarbanes-Oxley, and apply a good deal of weight to guarding against the insider threat, often overlooking today's advanced adversary.
