Asking the right questions in IT Security?

Trying to learn more about cyber security, I have been reading articles online and I keep running into a constant theme: How to keep business’ most valuable asset/your information safe. Many of these articles and experts keep say the same thing and mentioning the same topics over and over: are you in compliance, are you vulnerable, are secure, and are you compromised? I even read an article that mentioned that CISOs typically spend 70% of their time on ways to protect their assets. As well, I keep having the same conversation after conversation with clients and prospects and they are repeating the theme. It’s like a broken record! Let me answer these questions for you.

  • Are you in compliance? We have concluded that it is more probable than not… with regulations changing similar to the direction of the wind how can you keep you make 100% sure that you are or are not compliant?
  • Are you vulnerable, YES! If someone REALLY wants that information… they are going to get it (two words, user error).
  • Are secure? No (see above).
  • Are you compromised, probably and you do not even know it.

Shouldn’t the more appropriate questions be: what do you do after you get hit by an attack, how fast can you respond to defending an attack, how quickly can you lock down the ‘bad guys’ once they get in, and what happens once the assets leave your network? My point is I believe that we are not asking the right questions. We as an industry are spending more time on traditional methods of security in a world where attacks are created faster than a Bugatti Veyron Super Sport can go 0-60 mph (2.4 seconds) rather than solving real world problems and looking for proactive solutions. Attacks are morphing faster than ever and now they are published publicly and the ability to grab an attack, injecting a ‘morphing code’, and release it into the wild to create havoc is a point and click away.


There are 345 threats every minuet that’s close to 6 every second; the McAfee Labs malware zoo grew 12% from Q1 2015 to Q2 2015, and the number of new ransomware samples grew 58% from 773,000 in Q1 to 1.2 MILLION in Q2. Think about that for a minute… over 150 threats just got created in the time it took you to read that statement. Also think about: 6.7 million attempts per hour were made to entice our customers into connecting to risky URLs (via emails, browser searches, etc.), 19.2 million infected files per hour were exposed to our customers’ networks, 7 million PUPs per hour attempted installation or launch, and 2.3 million attempts per hour were made by our customers to connect to risky IP addresses or those addresses attempted to connect to customers’ networks. (MFE Labs August 2015 Threats Report) How fast is your network getting attacked? Way too fast!

Congratulations though, you are taking the first step! You are at least thinking about the questions, even if you just read them above and are more than likely in the middle of defending yourself against an attack right now. One of the biggest recommendations I can give is get involved. Join user groups (if you do not know of one ,start one), get out to local conferences, talk to others in your vertical, or at the very least meet with anyone and everyone that calls and ask them where they get their knowledge base from. If you want help in where to start, just ask. I may not know everything but I bet I know a guy. “Knowing the enemy enables you to take the offensive, knowing yourself enables you to stand on the defensive.” Sun Tzu

The post Asking the right questions in IT Security? appeared first on McAfee.