Refocusing the private sector cybersecurity mindset

A report this past week surveying clients reveals some startlingly dismal numbers on the breadth and increasing scope of cyber attacks. The report was issued by Prolexic Technologies, a Florida-based technology provider of distributed denial of service protection services.

Specifically, the Prolexic Technologies report found a dramatic uptick in the frequency and significance of distributed denial of service (DDoS) attacks. A DDoS attack, in essence, seeks to overwhelm computer servers with illegitimate visit requests, rendering websites unviewable to legitimate visitors.

As the report notes, “the average packet-per-second (pps) rate reached 47.4 Mpps and the average bandwidth reached 49.24 Gbps based on data collected in Q2 2013,” adding, “These metrics, representing increases of 1,655 percent and 925 percent respectively compared to Q2 2012.”

“This quarter we logged increases for all major DDoS attack metrics, and some have been significant. DDoS attacks are getting bigger, stronger and longer,” said Stuart Scholly, president at Prolexic. “We believe this growth is being fueled by the increasing prevalence of compromised Joomla and WordPress web servers in increasingly large botnets.”

A May report titled ‘Cyber threat intelligence and the lessons from law enforcement’ published by KPMG, one of the largest professional services companies in the world, paints a stark picture of private sector firms’ and organizations’ failure to properly understand the cybersecurity world. This shortcoming has resulted in an inability to address the significant vulnerability to such attacks.

KPMG notes, “As adversary sophistication increases, many organizations react when it is too late – the attack is underway. Few organizations have the capability to anticipate cyber threats and implement preventative strategies, despite prevention being more cost effective and customer focused.”

Essentially, organizations have a fundamentally flawed (or ineffective) approach to cybersecurity. Such ill-equipped organizations need to heed the lessons learned from law enforcement and intelligence agencies that have been dealing with these types of threats for substantially longer and with more focused efforts.

According to KPMG, organizations need to stop playing catch-up and “create an intelligence-led mindset.” Following an initial shift in organizational thinking and threat perception, firms will need to migrate strategies to be built on “intelligence operating models” in order to achieve “an intelligence-led decision-making process.”

The reality remains that cybersecurity requires a security mindset to fundamentally address the threats and vulnerabilities at their core. This is, in many regards, similar to the military operations concept for strategic thinking called the OODA Loop, which stands for Observe, Orient, Decide and Act.

Until the reality of the cyber-operating environment sets in for private sector organizations and a substantial shift in the business management mindset occurs, firms and organizations will remain susceptible to cybersecurity threats. It cannot remain ‘business as usual’ in a world where threats evolve as fast as the technology does. Constantly playing catch-up in the cyber realm will remain a futile effort equivalent to combating threats with a critical arm tied behind one’s back.

To read other stories from the Washington Times Communities, please go HERE.

 

 

One Comment

  1. This is well put. It is about time we move to a new concept. When people get hit in the head 3 times, you shift strategy, unless you are punch drunk. “Intelligence operating models” could be a new strategy. BUT, the problem is how to share intelligence with the corporate and private sector/public. At DEFCON 21 there will be a talk on sharing intelligence with public and public sector. “According to KPMG, organizations need to stop playing catch-up and “create an intelligence-led mindset.” Following an initial shift in organizational thinking and threat perception, firms will need to migrate strategies to be built on “intelligence operating models” in order to achieve, “an intelligence-led decision-making process.””
