Duncan, who has 30 years’ experience in IT security, told Corporate Risk & Insurance
that it has become a “very challenging environment” as cyber threats evolve every day and there are more complex threats that happen faster than ever before.
While employee education is an important first step in addressing cyber-security, Duncan said as phishing attacks increasingly come from bad websites that are up and down within minutes it’s important for organisations to invest in real-time anti-phishing analysis. The fast nature of these attacks mean the attack can be completed before a traditional security system picks it up he said.
While anti-virus software and firewalls provide basic protection, cloud-based security solutions use tools such as advanced intrusion and zero-day threat detection which identify if the phishing email is coming from a low popularity URL, and if it is linked to bad IPs or domains.
As organisations realise that traditional signature based delivery of threat Intel is less effective and slow they will move to the cloud based solutions, Duncan said.
“All industry analysts including Gartner say organisations need to move to cloud security – not only because it’s cheaper, but it is faster and better security. So when you look at delivering threat intelligence that way it is the most effective way,” he said.
Duncan advises that those organisations still hesitant to invest in cloud-based solutions to consider that traditional methods can take hours or days to detect threats versus cloud-based which can take minutes.
“Which would you rather use? Something that’s [picking it up] after the fact or detect it and block it in real time,” he questioned.
“A lot of organisations that have not moved to the cloud are the ones suffering these different types of attacks. Sixty-two per cent are going unidentified for organisations using traditional signature based anti-virus. Most of modern malware out there operates inside the signature update cycle so you really need something that can distribute that information in real time to your machine.”
Duncan adds that cost should not put organisations off investing in cloud-based security solutions.
“The challenge with security is it’s not something that improves the bottom line of the organisation, but the lack of security or the loss of data or data breach will definitely harm the bottom line of the organisation,” he said.
He recommends viewing security like an insurance policy and protecting market brand.
Minimising risk with the cloud
Navigating the cloud
Companies failing to protect themselves against cyber-crime
Things are looking “worse and worse” for cyber-security according to David Duncan, Chief Marketing Officer at internet security company Webroot.