Army Gen. Keith Alexander, head of the National Security Agency and Cyber Command, told attendees of an FBI-sponsored event in January that the U.S. defense network is currently “not defensible.”
Amit Yoran, senior vice president and general manager for EMC’s RSA security management and compliance business unit, has come to similar conclusions about computer networks, according to GCN.
Yoran said at the FOSE conference Thursday that motivated attackers will get into a network despite its defenses.
Richard Bejtlich, chief security officer at Mandiant, said people who work in an interesting place are the most likely to be compromised.
The shame does not come from the reality but from not doing anything about the reality, according to Bejtlich.
Nearly 80 percent of attack victims learn their system has been breached through a third party, he said.
The FBI has increasingly helped to notify organizations, and that is a huge motivator for entities that believed they were not being breached, he added.
Organizations have begun to assume the mentality that it is only a matter of time before an attack occurs, according to GCN.
GCN attributes the attacks to complex hardware platforms, operating systems and applications, which make for an increasingly vulnerable system.
When direct attacks fail, hackers focus on third parties.
For example, RSA was attacked through another company that was compromised.
Chris Poulin, Q1 Labs’ CSO, said in a separate conference session that only 20 percent of the federal information technology security budget is needed to fix 80 percent of known IT issues.
The remaining security issues would demand more than the 80 percent of the budget, he said.
Bejtlich said the best solution is collaboration and information sharing, which can be done with a small financial investment.