More than 94% of IT security breaches are not detected by companies who are victims, but are notified by third parties, a top official from HP Enterprise Security, the largest IT security research company in the world revealed in Colombo recently.
“That, in other words, means that most companies are not even aware of the breach until third parties inform them. It would naturally take 416 days to detect a breach, if you are to detect them by your own systems. 84 percent of breaches happen at the ‘application layer’ and not on perimeters or firewalls,” Murali Urs, Regional Sales Director, South Asia/Sri Lanka of HP Enterprise Security, said.
He made these remarks at an educational session, conducted by HP Enterprise Security in collaboration with EGUARDIAN, its local value added distributor, for CIOs and Senior Executive level officers of several prominent banks and financial institutions on how to protect themselves from hackers and cyber-crime. During the session, the IT security expert, drawing examples from all over the world, explained why corporates should take the matter of IT security into serious consideration. The session also looked into global trends and the ways in which companies can manage risks in terms of IT security
“Most companies are unaware of these application level attacks. The money lies in applications. That is exactly why they tend to infiltrate applications and Corporates need to know this,” he added.
He also stated that the vast majority of companies who become victims of hackers have fairly good IT security systems in place!
“They have” the Director said, “firewalls, anti-viruses, various protections and highly skilled IT people. But hackers somehow infiltrate and access their data. Hackers, as many assume, are not isolated individuals who wear black jackets and gloves and have long hair. They are very smart, well-funded and well-organized. They do their homework and they know exactly what they are doing. And most importantly, they know where the money is.”
Dhamanjit Uberoi, Chief Solution Architect/Evangelist of HP Enterprise Security, addressing the session, said time was ripe for companies to spend a little more money on security and strengthen their security systems. Spending more on IT security, he said, is always better than losing colossal amounts of money due to cyber-attacks.
Some companies, he said, unaware of the fact threats always do not come from outside. “Usually, everyone within the rampart is trusted. When you are so engrossed in that idea, you don’t see the threats that emerge from within.”
Having explained the security threats, Uberoi also elaborated on the characteristics of a perfect IT security system. A perfect security system, according to him, should be able to integrate any type of system and any type of data structured into a common format and categorized for easy analysis and future proof. That will, he said, would make it impossible for hackers to infiltrate into a system and steal data.