Dubai: Security solutions providers are playing a game of cat and mouse with cybercriminals despite improvements in technology.
As cybercriminals are become more sophisticated, [security providers] can’t keep up.”
“It is impossible to stay ahead of cybercriminals,” industry experts told Gulf News at the second Gulf Information Security Expo and Conference.
“There are many reasons. What we are seeing nowadays are much high-profile attacks. People like you and I are the weakest link in any security policy because we are accessing internet and networks, increasingly from mobile devices. Also there are increasing zero-day threats,” said Justin Doo, head of advanced threat protection at Blue Coat.
However, he said that most of the attacks taking place today are combination of social engineering and zero-day attacks.
“You can never change that and that is the going to be the part of what CIO has to deal with. The challenge for a CIO is to be right 100 per cent all the time whereas the bad guys have to be right only once to gain access,” he said.
Kalle Bjorn, director of systems engineering at Fortinet Middle East, said the cat and mouse game will always continue.
“We can always look at pre-emptive measures but whatever the hacker thinks, the industry is not going to figure it out until the damage is done. You can never get 100 per cent security ... that is impossible,” he said.
The targeted attacks and advanced persistent attacks are the big things in the news lately. The motto is “prevention is better than cure and that applies to this industry also. Having different layers of protection can limit the damage,” he said.
Experts said the most secure network is the network that is not connected to the internet.
According to industry experts, there are bugs in the computer operating systems we use and the bugs keep on occurring as they update the versions.
“There is cooperation within the IT industry but there are millions and millions of sources codes out there irrespective of the different operating systems,” Duo said.
He said the source code is private to the organisation which has written it and they are not going to release that to the second or third parties to review it.
“The bad guys do find these holes in the source codes, and they don’t make it public until they exploit it and prefer to stay under the radar,” he said.
Bjorn said no application is bug free and that will always exist.
Doo stressed that the recent high-profile hacking on eBay demonstrates that even having the best technology, best process and best people; organisations are still vulnerable to attacks.
Stanley Hibbert, technical Manager at Saudi Arabia’s Al Falak Electronic equipment and supplies company, said there is a huge drive to go back into the mainframe environment in the US and Europe due to “security and stability,” Hibbert said.
