Businesses ‘don’t have the luxury of hiding breaches anymore’ says Sophos

The recent spate of high-profile cyber-attacks means governments and consumers expect more transparency from businesses, security software firm Sophos’ CEO Kris Hagerman told ComputerworldUK.

Discussing the recent revelations that Sony’s security had been compromised - which led to the leak of several of its films - Hagerman said that the current media frenzy surrounding cyber security put a “higher and higher expectation on enterprises of all sizes if they have been successfully hacked”.

Hagerman said: “Governments, consumers and enterprise customers are asking for more disclosure when something bad happens…if a breach has occurred that a corporation has reason to believe took place, they will not have the luxury of cleaning it up quietly, resolving the problem and going about their business.

"That is just not going to be an option going forward."

This is not least because the new Data Protection laws from the EU, due to come into effect next year, will make it mandatory for businesses to report breaches.

A draft of the new EU data protection regulations proposes that all firms notify regulators of breaches “without undue delay”. This regulator is likely to be the UK National Computer Emergency Response Team (CERT-UK).

Currently, only public sector organisations are required to notify the Information Commissioner’s Office (ICO) of a breach; private companies are exempt. Historically, breaches have been uncovered in private companies after a customer notices fraudulent activity and notifies the authorities. Occasionally, a customer complaint is the firm’s first alert to a breach.

Unique malware pieces seen per day rise to 350,000

The CEO revealed the staggering increase in malware circulating the cybersphere in comparison to one year ago.

In 2013, Sophos’ research labs saw a peak of 250,000 unique malware pieces a day.

“Today it is probably 350,000 pieces. As an industry it is relentless. Not only do you have more attacks, but more devices that can be attacked,” he said.

Threats to firms are heightened by the multiple devices employees use, which pose a risk both via the device itself and via the digital footprint devices leave.

“The cost and exposure of getting this stuff wrong is going up, whether it is the White House website getting breached or Target almost going bankrupt because of its breach. You see every other week there is a front-page story about some attack that has taken place,” Hagerman warned.

Sophos' research and development

Hagerman said that Sophos’ customers, like most businesses, face budget and time pressures.

“The fundamental challenge for our customers is that they are being forced to do more and more with less and less and they are not going to get a breather in terms of here is more budget and here is more staff in terms of security. Instead they have got to find a way to be smarter with the team that they have and that is who we go to work for every day.”

Sophos is also working on using its big data from the 100 million devices that use its software to make it “smarter” by processing it in the cloud, as well as extending its cloud products for customers.

In addition, it will continue to focus on encryption.

He said: “Ultimately, the last line of defence is if you have encryption that both protects the hard drive of these systems and protects the data that flows through those systems then you have the ability to protect what the bad guy wants. If that data is encrypted, then it is completely inaccessible to a bad guy even if they have made their way around your defences.

“Sophos is leading there and that will continue to be a space that is important to more and more enterprises as the scale of security increases and the impact of getting it wrong goes up.”
