That perception is incorrect. In fact, when you compare the handful of successful attacks to the millions that are thwarted every year, you find the cyber security war is extremely one-sided in favor of the good guys.

Security minefield: Bring your own device will bedevil IT in 2012

I don’t want to downplay the significant risks attackers pose to organizations; a data breach can result in the loss of millions of dollars and irreparable damage to reputations. The sheer volume of attacks is staggering: in 2010 alone, Symantec blocked 3.1 billion attacks. That number is overshadowed by the few successful attacks that receive media attention.

Approximately 144,000 malicious files are detected each day. This translates to a rate of more than 4.3 million each month. This war against malware authors is constant and ongoing, similar to the ongoing war on crime. Security professionals are like the police – we don’t expect the police to eradicate crime altogether, but they play a critical role in preventing criminals from winning that war.

That raises a critical point: of those 3.1 billion blocked attacks, roughly half were stopped by intrusion prevention technologies inside of the organizations’ endpoint security software – proving that while signature-based antivirus plays a critical role in preventing threats, it’s no longer an exclusive role. Organizations must work closely with their security vendors and solution providers to ensure they have implemented the latest technologies to mitigate attacks. Vendors don’t release new versions just to generate revenue; they do so because their older technologies become less effective over time.

Because the threat landscape is constantly evolving, organizations need to be able to quickly and easily update their networks and endpoints with the latest operating system and application patches. Here’s where security software has a distinct advantage over a hardware-assisted security solution, which are more difficult to update. With more than 286 million new threats found last year alone, previously unknown and highly sophisticated threats emerge on a regular basis, requiring solutions that are nimble enough to react and effectively thwart them.

New layers of protection technology are making an incredible impact. Reputation-based security stops mutating malware by analyzing and maintaining contextual data for billions of application files and assigning each a risk score. Complement this with a layer of real-time behavioral prevention to thwart targeted attacks. Additionally policy-based intrusion prevention solutions provide solid defense for business critical server workloads, without impacting performance. Each new technology steps up to meet the latest attacker challenge.

This comprehensive and effective approach gives organizations the freedom to choose best-in class solutions and provides the speed and agility needed to respond to today’s rapidly emerging security threats.

That’s not to say that other tools cannot play an important part in an effective security posture. There simply is no silver bullet that will prevent all attacks, and companies should not rely solely on technology. Here are the necessary steps any organization can take to ensure it is not leaving itself open to attack:

•                Develop and enforce IT policies. Prioritizing risks and defining policies can help you enforce policies through built-in automation and workflow to protect information, identify threats, and remediate incidents as they occur, or even anticipate them before they happen.

•                Take an information-centric approach to protect both information and interactions. You must know where sensitive information resides, who has access to it, and how it is coming in or leaving your organization.

•                To control access, you must validate the identities of users, sites and devices throughout your organization.

•                Manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.

•                Protect the infrastructure by securing all endpoints and messaging and Web gateways. antivirus alone is not adequate.

•                Build a security-aware company culture which includes all levels within an organization. This best practice is often overlooked, but it is crucial to ensuring employees are contributing to the success of your security strategy. They will help you win the cyber security war.

The onus is on security professionals to continually evaluate and update security postures to keep up with the bad guys. Advances made to technologies that used to be thought of as “nice-to-have,” like DLP, encryption, intrusion prevention and reputation-based security, are making it much harder for the bad guys to get in and get stuff out.  While it may be impossible to win the cyberwar, we are at least staying out ahead.

Vying for “Worst Cybersecurity News of the Year” was December’s revelation that a U.S. spy drone may not have crashed in Iran. The Iranians claim they spoofed GPS data to make the drone think it was returning to home base. If true, the consequences are chilling. Experts have disagreed for years whether a Cyber Pearl Harbor is possible or what it would look like. We just got our answer: Yes, but next time, our planes – not our enemies’ — will drop the bombs.

2011's security snafus 

Cybercrime as an industry has posted growth numbers – the number and cost of data breaches, new malware and Advanced Persistent Threats (APT), you name it – that would make Wall Street drool. What’s more, the deluge of news written about data breaches represents only a portion of the problem. Current laws and regulations require reporting the loss of only personally identifiable information, not other highly valuable intellectual property such as sales figures or product design data. That means data breach costs are actually much higher.

Not only are cyber attacks getting more sophisticated, frequent and expensive, but our national addiction to convenience and shiny new toys is making things worse. Key among these double-edged swords currently cutting us are cloud and mobile technologies and the consumerization of IT; we have gone from desktops and Blackberries that have relatively good security to cloud services and Apple and Android devices that often don’t. In all these cases, we lack the self-discipline to make information assurance and regulatory compliance necessary preconditions to securely adopting these promising technologies.

Our cyber enemies are using our own critical infrastructure and intellectual property against us to enrich themselves.  What’s worse, we often help them. When we look at all these factors, saying we’re winning the cybersecurity war becomes ludicrous. If this is winning, what would losing look like?

Our current IT security paradigm obviously doesn’t cut it anymore. More and more, government and commercial best practices recommend adding an independently managed layer of hardware-based protection to any IT security portfolio. Increasingly, organizations that rely solely on software-based IT security aren’t bringing even a knife to a gunfight.

If we’re going to win the cyber security war, we have to move to a global “zero tolerance” policy for cybercrime and data breaches. Whether they admit it or not, most people think cyber crime is something that happens to others, or is something they can get away with hiding. This common misconception is a key enabler for cyber attacks and it has to go.

Enacting a zero tolerance policy must start in government and industry board rooms and, if necessary be pushed through public and private sector research, education and regulation. Key steps include:

•    Every vendor needs to build in security by design (no more taping airbags to the dashboard) and the enterprise needs to invest in upgrading their security with built-in solutions. This includes paying real attention to information assurance instead of lip service, and rapidly implementing technologies known to counter evolving threats, such as Trusted Platform Modules (TPMs) and device-based identity.
•    We need to strengthen data breach notification laws to require disclosure of more types of data. Moreover, the penalties for noncompliance must be severe enough to make companies take notice.
•    Both government and industry alike must quit debating game plans and org charts and implement a shared strategy. We need to stop arguing about who deserves a first-class cabin on a sinking ship and start getting serious about fixing leaks.
•    Likewise, government and industry should uphold the National Strategy for Trusted Identities in Cyberspace (NSTIC), which will create an “Identity Ecosystem” where people can choose among approved public and private suppliers of trusted credentials that prove their identity.

We’re losing this war for cyber security, but we know how to win. We’ve just got to ask ourselves one question: What are we prepared to do?