Following the success of its partner summit in Mallorca, Spain where 192 partners and 50 distributors from around EMEA gathered to hear its new vision to Ascend Beyond the Conventional, Intel Security held a separate channel press summit for journalists from throughout the territory to further extend the messaging around its strategies. Mark Davison reports.
In just the space of a year, the cybercrime landscape has changed so dramatically that cybersecurity companies such as Intel Security are being forced to continually update and adopt multiple new strategies in order to protect their customers.
Andrew Elder, president of Intel Security EMEA, says one simply has to compare media headlines over the period to get an indication of how much more impact today’s cybercriminals are having on society.
“Over the past year, there have been some bold headlines in terms of cybercrime,” Elder says. “There has been a significant shift from a year ago when there wasn’t much content, to where the situation has changed and the impact of cybercrime has been much bigger – whether it’s been downtime threats or for financial gain. It’s a significantly bigger challenge than it was just one year ago.”
Elder says the cybersecurity world has evolved in three key areas.
“Firstly, it is much more personalised,” he explains. “And many more individuals now have access to sensitive information than in the past. Secondly, we are seeing cybercriminals bleeding into physical crime. Not in the sense of hold-ups which have become tricky with the likes of CCTV becoming ubiquitous, but in the sense that they will meet victims in a car park with cash in a hold-all rather than Bitcoin. And thirdly, with industries transforming with connected devices, the landscape is significantly wider.”
Elder says these shifts are driving enormous change in cybersecurity.
“The attack surface is expanding with billions of connected devices,” he says. “And this now means cybercriminals can penetrate from so many devices. Cybercrime is becoming industrialised – criminals are becoming more sophisticated and their intent is evolving alongside this. The industry itself is complex and fragmented – there are literally thousands of products from hundreds of vendors – and this is only going to get worse.
Added to this, there is a severe shortage of talent – there is a global shortage of cybersecurity professionals.
“As an industry,” he says, “we have massive challenges.”
In looking for answers to these challenges, Elder says the company commissioned a survey among 1 000 global IT security decision-makers. “Let’s look at these challenges one by one,” he says.
“On the expanding attack surface, 62% of respondents say it is better to solve today’s problems than to speculate about tomorrow’s,” he says. “Finding that balance is very difficult. As smart devices get connected, we’re seeing more and more breaches. And with 200-billion devices connected, we’re seeing cybercriminals hacking into the office and via this into industrial sites themselves.”
Elder cites as an example of this an industrial power blast furnace that was recently hacked and the temperature turned up to cause extensive damage.
“So we are now starting to see cybercriminals damage physical infrastructure,” he says. “And the impact of this can be significantly higher than other hacking exploits.”
When it comes to the complexity and fragmentation of the cybersecurity industry itself, Elder says it is its own worst enemy.
In the survey, 49% say they prefer to buy Best-of-Breed as opposed to integrated security systems. This means that many companies simply layer dozens of products from dozens of vendors which can obscure security’s vision when trying to track and halt hackers.
He says Intel Security’s integrated solutions provide tangible benefits for customers. “Hackers always look for a way in and they always leave footprints,” Elder says. “Every time they don’t get in, we record that, verify the footprint, and communicate it. It’s a huge benefit to customers.”
But, as the survey indicated, the layered approach to security is one that is seemingly embedded at present and could prove difficult to change.
“The complexity and fragmentation issue is a major challenge and it won’t get any easier,” Elder says.
On the industrialisation of hacking, Elder says that 70% of respondents say it is only getting harder to protect their organisations.
“This means 30% think it is getting easier,” Elder says. “I certainly think it’s getting harder. Why? Because cybercriminals have some unique advantages: Time is on their side – they have no deadlines and can hack in their own time; the penalties if caught are still very low; and they can try to hack thousands of times and only have to be right once.”
He adds that hackers are also becoming more sophisticated.
“In the early days, it was about fame and notoriety,” he says. “Then it was vandalism and on to the hacktivist – someone hacking to support a specific cause, making a statement. Then we move on to organised crime who participate solely for financial gain, and then we’re up to state-sponsored cybercriminals involved in waging cyberwar.
“And all the kits that these various hackers use are available for download,” he adds.
But it’s not just hacking tools that are freely available. Personal payment card information is another commodity up for sale.
“We also conducted a pricing study,” says Elder. “It varies by country and by market, and by how much information comes with it. But it’s really quite fascinating.
“In 2011, the price for a payment card was $25, in 2014 it was $14, and last year it was $8,” Elder says. “Today, that same card information sells for $6. And don’t believe that your information isn’t out there – it is.
“And for just $250 a cybercriminal can get access to an account that holds $5 000 or more,” he adds.
Equally fascinating is the increase in the number of daily threats.
“In 2005, the industry was dealing with 25 threats per day,” Elder says. “In 2015, this had escalated to 496 800 unique threats every day.
“The real challenge is: How are we going to cope with that?” he continues. “There’s a huge shortage of talent in the security industry. Our study indicated that 70% of respondents feel that people can do the job better than automation, but even if that’s true there are not enough people. It’s estimated that there are more than 1-million unfilled cybersecurity jobs, so just throwing talented people at it won’t help.”
Elder says the solution lies in Intel Security’s Threat Defense Lifecycle which encompasses the three key areas of Protect, Detect and Correct.
“This entire cycle is constant,” he says. “And what we aim to achieve through it is to address more threats faster with fewer people. What we try to do with technology is to free up the talented people to deal with more complex threats.”
He says that the company’s Data Exchange Level (DXL) aimed at standardising integration and communication to break down operational silos is a prime example of this technology. DXL, he says, is a collaborative fabric-based ecosystem which results in a fast, lightweight and streamlined solution, simplified and reduced TCO, open vendor participation and holistic visibility.
“Our shared strategy with our partners is to sell, deliver and win,” Elder says. “Sell Threat Defense Lifecycle; deliver better customer outcomes; and win versus our competition.
“It’s a sprint marathon combination,” he adds. “We are sprinting to get ahead … but it’s a long journey.”