WASHINGTON - With cybersecurity’s most glaring failures in the limelight, many experts say it’s time for a new approach.
In recent weeks, the security community has been rocked by news of a massive breach at online giant eBay affecting as many as 145 million customers, following another that hit as many as 110 million at retailer Target.
A US indictment earlier this month accused members of a shadowy Chinese military unit of hacking US companies for trade secrets, a charge denied by Beijing.
The incidents highlight huge gaps in cybersecurity, and the ease with which malicious actors can break into a single computer and subsequently penetrate a network or cloud.
“The old model (for cybersecurity) doesn’t work,” said James Lewis of the Center for Strategic and International Studies.
“It is getting worse and getting out of control… One of the dilemmas is that when people have a choice between security and utility, they often choose utility.”
A survey released Wednesday by the security firm Trustwave said it identified 691 breaches across 24 countries last year, with the number of incidents up 53.6 percent over 2012.
“As long as criminals can make money by stealing data and selling that sensitive information on the black market, we don’t expect data compromises to subside,” the report said.
Much of the problem stems from so-called “phishing” attacks in which emails are disguised as coming from a trusted person.
When links are opened, hackers can install malicious software allowing them to control a computer, and potentially an entire network.
A report by security firm Symantec found a 91 percent increase in targeted “spearphishing” attacks in 2013 and said more than 552 million identities were exposed via breaches.
IBM recently unveiled a new cyber defense system that uses predictive analytics, aimed at thwarting attacks before they happen.
Symantec suggests a similar approach, touting its platform “that aggregates and correlates unfiltered alerts from a diverse set of technologies, harnessing global threat intelligence to detect traffic patterns associated with malicious activity,” according to a blog post by Symantec’s James Hanlon.