Page 10 - 2016
P. 10
Sometime around 1995, average U.S. consumer Internet from 2013 numbers. 2015 is sure to be another large jump
speed surpassed the 100,000 bits per second threshold. The in breach incidents as the Netherlands-based digital
speed isn�t as relevant here as the general concept of �The services provider and research sponsor for
Internet.� For all intents and purposes, the crossing of this breachliveindex.com Gemalto reports, that in the first half
threshold marked the beginning of the online experience of 2015 nearly 900 breach incidents had already taken
we know today and puts the Internet at around 20 years place. �Malicious outsiders� accounted for 62 percent of
old. In the grand scheme of consumer technology things these breaches in the first half of 2015.
general U.S. consumer adoption of the television set began
in the 1940s it is safe to say that the Internet is a fairly Whereas the first few years of breach research data
young technology. suggested threats primarily coming from insider sources,
more recent studies show higher risk from a different attack
The wireless handheld computer a.k.a. smartphone in source. Clearly hackers from outside of the perimeter want
its current iteration of speed and application functionality our corporate and government IP.
is roughly 10 years old, give or take a few hertz. For the
purpose of this article, digital Information Security Ten years ago the enterprise IT department was clearly a
(InfoSec) as it exists today, can effectively be considered tactical LOB
roughly 10 years old because this is when outside-the-
network perimeter forces had the capability to invade the As InfoSec professionals, we clearly have our work cut out
datacenter via Internet connections. for us given the complexity of today�s IT infrastructure.
Part of the problem is how we have built our datacenters
By these numbers, we can deduce that InfoSec is roughly over the years piecemeal and tactical. It has only been
half the age of a relatively young Internet. This is not to more recent that IT, in its current state of service delivery,
discount the advances that have been made in hardware has become a strategic investment. Up until around 2009
and application technology in the past 20 years. Rather, it before the economy took a downturn, IT (as well as other
is to emphasize the speed at which technology is exploding corporate business lines) was sufficiently funded to deliver
and how cyber criminals are leveraging relatively �new business services to predetermined service level agreements
technology� to access corporate and government or SLAs.
intellectual property (IP).
Then as the economy struggled and more resources were
Consider this a key contributor as we review the barriers laid off Bank of America 30k (2011); General Motors 47k
to proactive InfoSec, or the practice of stopping data (2009); Citigroup 50k (2008); to name just a few the
breaches before they happen. In such an accelerated IT mantra of the day became �all hands on deck� to maintain
melting pot of hardware, software and the people to these SLAs. IT strategy gave way to tactical just keep the
manage it, we don�t seem to be making a lot of progress lights on for IT services. Fueling these tactical fire-fighting
getting on the front end of proactive InfoSec as an initiatives was the continuing reduction in the cost of
acceptable norm in our collective datacenters. There is hardware. In the five-year span from the years 2000 to 2005
more talk these days of stemming the bleeding from a the per-gigabyte cost of hard-disk space went from around
breach than there is of preventing one. $20/GB to a December 2005 cost of $0.52/GB. Around this
time, the practice known as Security Information
According to breachlevelindex.com, there were 1,541 Management (SIM) was maturing into Security
breach incidents in 2014. This is an increase of 78 percent Information and Event Management (SIEM), hardware
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 10
