Less than two days after the release of an Auditor General report criticizing federal IT security, the CEO of Symantec Corp. warned that the threat is getting worse.
“”The average span of time between the discovery of a vulnerability has collapsed from six months to six days,”” John Thompson told
the Empire Club in Toronto.
“”And day-zero attacks are just around the corner. In other words, we’ll soon see a vulnerability and an exploit appear on the same day, almost simultaneously.””
The remarks followed closely on the AG’s report, which was based on a review of the public sector’s IT security policies and practices.
In the report, Sheila Fraser and her team criticized Treasury Board Secretariat for failing to complete standards related to intrusion detection and incident response, as well as for inconsistency in applying standards and adhering to security policies in many government departments.
Learned lessons
Thompson admitted his company has learned lessons over the years. At one time, he said, “”our view of security was far too narrow.””
Then came the Slammer attack of Jan. 25, 2003, which infected 90 per cent of unprotected servers in just 10 minutes, affecting flight schedules, ATM networks and virtually all business.
“”Our own research at Symantec shows that it costs 10 times as much to recover from a single incident or disruption as it does to establish a program in the first place.””
He said new proactive technologies incorporated into security appliances will allow Symantec to deliver prevention capabilities ahead of an attack.
“”We must shift our game to offence, where we are driving the overall process for protecting critical information, not just responding to the attack.””
New technology
In an interview after his speech, Thompson stressed that while an early warning system provides a valuable head start, it is not enough: External intelligence has to be acted on immediately.
“”We have a repository of intelligence second only to the U.S. government, much of which is managed out of Calgary, ironically,”” which will assist this development.
Thompson said that while a firm can only do so much to prevent and mitigate the risks of an attack, new “”automatic activation”” technology being worked on by his company may help.
It could be used
• where an external threat could trigger an internal audit;
• where an external alert could tell systems to assess patch levels on those vulnerable systems;
• where an external intelligence could prompt more frequent incremental backups;
• and where all these actions could produce an audit trail to ensure that all policies and processes are in compliance.
“”Now that would be useful. Heck, that would be invaluable,”” he said.