Major companies should assume the bad guys have already broken into their network, and are better off diverting some resources from attack prevention to ferreting out existing invasions, says one prominent security expert.
Ed Skoudis, a founder of InGuardians, a network security company, is frequently brought in to help identify the techniques used in successful attacks against business networks. In a talk at the ongoing RSA security conference where he described common and successful hacker techniques, such as one called "Pass the Hash," he said that a determined attacker can almost always break into his or her target network.
And for that reason, he says, smart companies will divert some of the resources they currently devote towards preventing attacks to identifying existing break-ins and kicking out bad guys who may already be siphoning off credit card numbers or other valuable data.
Considering the spike in stolen-data incidents reported by Verizon Business in its recent report on data breaches, which found that 90 percent of the theft involved organized crime groups, Skoudis may have a good point. The data breach report also says that criminals often choose valuable targets first and then figure out how to break in, rather than scanning for vulnerable networks and stealing whatever happens to be available.
Skoudis says that even a 5 to 10 percent diversion from intrusion prevention budgets towards identification and elimination could pay large dividends. Crooks typically stick around once they've invaded a network and continue to steal data over a period of time, and early detection can help minimize the damage.
And what does that mean for the rest of us, who may not hold responsibility for network security at a large company? Joe Stewart, who researches malware for a living at SecureWorks, a business security company, may have put it best:
"I don't worry so much about keyloggers, but about the data breach," he says. "I operate under the assumption that the criminals already have my credit card, debit card and PIN number, but haven't gotten around to using it because they have so much data to work through."