Treat every corporate server as compromised, advises security expert

The old perimeter-based approach to cyber security no longer works, and enterprises must assume that every corporate server and machine has been compromised.

This is the view of Andy Dancer, MD and CTO EMEA for leading security firm Trend Micro, who was speaking at this morning's Westminster eForum Keynote Seminar on e-Crime, Cyber Threats and Protecting Critical Infrastructure.

"The days of the perimeter working as the sole defence mechanism are no longer with us," explained Dancer.

He argued that consumerisation is partly to blame. Employees regularly take data in and out of the corporate network on devices such as smartphones and tablets, many of which have often not been secured by the IT department.

He also explained that a failure or delay in the patching process can open up holes in the perimeter that cyber criminals can exploit.

"Microsoft releases its patches on a Tuesday, but datacentre administrators sometimes take weeks to apply them. They need to schedule downtime and test the patches," he said.

"However, hackers take just a few hours to exploit these vulnerabilities."

Another point of attack can be the users themselves. Secure token specialists RSA were hacked in March this year when an employee opened up a malicious email attachment, believing it to be from a trusted source.

Dancer stated that organisations are unlikely to find out about a breach for months, if at all, once hackers get access to the network.

"Once hackers defeat the perimeter, they will make stealthy, pinpoint attacks from there," he claimed.

"This isn't an outbreak which shuts all the corporate machines down – it's about probing and searching for valuable data or other vulnerabilities."

In order to defend against this form of attack, he recommended that enterprises operate under the assumption that they have been compromised.

"You should assume that every server in your company is compromised, then build your security around that," said Dancer.