The CISO believes that executives need to become more involved

Apr 27, 2012 08:38 GMT

Speaking at Infosecurity Europe, Spencer Mott, the chief information security officer (CISO) at Electronic Arts (EA), revealed that the task of securing networks was not an easy one. Furthermore, he believes that advanced evasion techniques (AETs) and advanced persistent threats (APTs) that target networks are “undefendable.”

“These types of attacks are made up of a lot of different strands so… if one technique fails, another route is taken to achieve its end goal. If it is not impossible, it is still difficult to defend, even if you unplug yourself from the internet due to the internal threat,” Mott explained.

According to SC Magazine, the expert claims that at some point all major businesses will be targeted by cyberattacks. However, organizations that hold sensitive or classified information will remain at the top of the list.

One interesting point raised by Mott is that firm executives shouldn’t leave the entire workload on the shoulders of security teams. Instead, they must rebuild businesses and business processes if they want to ensure their company's safety.

There are many factors involved in the protection of a large organization.

“It is the output of every single employee and you can go wider [to customers and partners]. The reality is that it is a completely out-weighted, undefendable position to be in,” he added.

While networks may be “undefendable,” when it comes to assets it’s not necessarily so. Specific information can be properly secured even if the rest of the system is somewhat exposed to malicious hackers.

The security chief revealed that businesses must be prepared at all times to “understand the nature of the attack,” and determine the elements that allowed it to be successful.

Finally, customers and regulators need to see that the company did everything in its power to fend off an attack, even if a breach occurs.