In an interesting essay published by USA Today last week, John Pirc, research vice president of NSS Labs, discusses forecasting cybersecurity to prevent hacks.
Referencing data released by Mandiant—which shows that 96 percent of data breaches are discovered by third-parties “and that victimized organizations are breached for 416 days, or about 13 months, on average”—Pirc lobbies for a “threat forecasting” approach to protection in cyberspace.
By “threat forecasting,” Pirc means entities should be focusing their cybersecurity efforts on the attack landscape and the most severe threats at any given time. Furthermore, according to Pirc, organizations must obtain early warning intelligence through readily available methods.
Other valuable forecasting insights can be found by studying security products already deployed in organizations’ existing cyber defenses in a new light. As I have discovered in regular testing, even vendors’ latest next-generation firewalls and intrusion prevention technologies, for example, can be bypassed by known exploits targeting vulnerabilities in browsers, multimedia and other common software.
Leave a Reply