Firms are struggling, and failing, to stay ahead of the rapid increase in cyber attacks, the different types of attack and the new technologies needed to prevent them.
A new report by Ernst & Young found that new Advanced Persistent Threats (APTs) are particularly resistant to firms' traditional security methods. Protecting against these attacks requires several layers of defense, knowledge of the threat and specific skills to detect and react to ongoing attacks.
"The human being is the perimeter today, not systems," says Jose Granado, principal and America's Practice Leader for information security services at Ernst & Young, who co-authored the 2011 Global Information Security Survey.
"APT attacks target specific behaviors, not systems," he said. These threats often target technology providers and aim to steal intellectual property so that competing products can be brought to market with less R&D time and investment. They also steal corporate secrets to gain a competitive advantage in negotiating contract and buying terms.
To prevent these attacks, firms need to look at technology that detects behavioral anomalies, Granado said as he presented the survey's findings.
"You have to have a different mode of thinking. Don't rely on anti-virus software that itself relies on signatures or filters to detect patterns," he said, explaining that this method used to work, but since new malware changes every second, simple pattern analysis could easily miss an attack.
Instead, firms need to look at behaviors, including during uptime, downtime and processing, and examine different variables and multi-dimensional views, including changes in activity levels and historical data.
The report looked at 1700 firms across different industries, including 40 firms in the asset management space and 341 firms in banking and capital markets. Between 30 and 40 attacks were detected at these companies last year - usually by government agencies, rather than the firms themselves.
But the real number of attacks is much higher. "Are you kidding? That's a minuscule number. Thirty or forty attacks is a rounding error," Granado suggested.
Part of the reason for the growing number of attacks is that more are detected than ever before.
"Regulators used to visit firms, now they've moved in. So they see more and are finding that some of the things they used to think were ok [about what firms are doing to protect themselves], aren't," said Chip Tsantes, principal in the financial services office of Ernst & Young, and co-author of the report.