Companies seeking to shield valuable data from criminals and government spying should assume the attackers have already penetrated their systems and adjust defensive strategies, security firms McAfee and Symantec Corp. said.
"You must assume something is going on and you have to start looking for it," Patty Hatter, chief information officer and senior vice president of operations at Intel Corp.'s McAfee, said today at the Bloomberg Enterprise Technology Summit in London. "Be paranoid it helps."
Breaches at Target Corp. and Home Depot Inc. that resulted in the theft of millions of consumers' credit-card data, as well as reports of government spying have put pressure on companies to find answers to digital threats. Computer-security providers need to catch up with other parts of the software industry in making individual products work with each other to limit security risks to clients, Hatter said.
The firewall may be starting to lose its popularity as a safeguard as companies start focusing on protecting their key data assets more closely, said Jeff Lawson, co-founder and chief executive officer of San Francisco-based Twilio Inc.
"Is it easier to secure the entire city of London or this royal jewelry?" Lawson said at the Bloomberg event. "Firewalls actually start to be things of the past. Once you open up your firewall to 40,000 employees you probably open it up to everyone."
"There is no such thing as 100 percent security; it's about defense in depth," Darren Argyle, head of information security for Symantec in Europe, the Middle East and Africa. "Long gone is the hard perimeter. Move security closer to the assets that you need to protect."
When dealing with breaches, companies should consider disconnecting affected systems to prevent attackers siphoning off important files, even if that means losing some business, said Sinisha Patkovic, vice president for security advisory service to enterprise and government clients at BlackBerry Ltd.
"Losing the data is more of a risk than being down for short time," Patkovic said.
