Many cybersecurity experts dubbed 2014 "the year of the breach" due to the year's numerous high-profile incidents. After all, in 2014 many marquee brands like Home Depot and Sony found themselves dealing with massive data breaches that threatened to upend operations and profit margins for years to come. But if 2014 was bad, 2015 may yet prove to be even worse, according to some experts.
In a panel discussion held at Innovation Project 2015 earlier this year, Keith Alexander, a retired four-star U.S. general and former director of the National Security Agency, noted that the immediate future does not look bright as far as cybersecurity and data breach prevention are concerned. While new technologies, government initiatives and processes that are just over the horizon may stem this rising tide, organizations should not expect the cybersecurity landscape to change for the better in the near term, PYMNTS.com reported. While hackers become more sophisticated by the day, many businesses are not doing enough to keep up.
What can be done to stem the tide?
Many cybersecurity experts agree that the situation regarding data breaches looks dire, but no consensus exists yet as far as a solution is concerned. For Alexander, the best bet to stemming this trend is from recently-proposed information-sharing legislation and other governmental actions. By having federal actors step in to help private organizations more effectively detect and stop malicious actors, he said current trends can be halted, according to PYMNTS.com.
"The NSA can stop cyberattacks. But they can't see what's hitting you [without access]," Alexander said during the panel discussion. "That's where cyber legislation is coming in. We should fix this and we could."
However, this is probably not enough to significantly alter the current situation regarding data breaches and leaks. Notwithstanding the controversy surrounding recent cybersecurity legislation and NSA actions, Alexander's assertion is predicated on a false and dated notion – namely that breaches and data leaks can even be stopped in the first place. Increasingly, cybersecurity professionals are operating under a principle that everyone will be hacked or subject to unintentional data loss at some point.
"The sooner we recognize that our tried-and-true security techniques are failing us, the sooner we can take a fresh look at preparing for the inevitable," SecurityInfoWatch contributor David Barton wrote earlier in March. "A shift in focus from 'if' we have a breach, to 'when' we have a breach will pay dividends as a result of better planning and preparation."
Operating under the guidance of "when, not if" is not necessarily giving up. Rather, it just means that companies need to adopt different protection methods. Instead of utilizing external defensive methods like firewalls that will inevitably fail, organizations should turn to managed SIEM solutions. This allows a company to detect a leak or breach as soon as it happens and take immediate steps to rectify the situation. With managed SIEM, organizational leaders can rest easy knowing that their networks and systems are well looked after and that threats will be found and rectified before major damage can occur.
Cybersecurity news and analysis brought to you by Arctic Wolf, inventors of FireBreak detection and response security services. FireBreak, when your firewall fails.