Days of individual security over, says IIA chief

People need to adopt multiple security services

People solely relying on patching and upgrades are leading themselves into a false sense of security and individual protection is no longer sufficient in the age of multi-vector attacks, according to the president of the Internet Industry Association of Australia.

Most people rely on operating system and software updates – including security patches – to gain a perception of security, but with increasing sophistication of cyber attacks this single-minded approach is no longer sufficient, according to IIA chief executive Peter Coroneos.

“What is a concern is the capacity of individual users to manage their own security and that time has passed,” Coroneos said.

“Patching and updating software is still necessary but it is not enough.”

Coroneos said vendors need to intervene at the network level and need to provide security tools at a multiple levels to help secure people from the multiple levels of threats that are emerging.

The rise of cloud computing is also adding another dimension to the security problem.

“If you look back 15 years ago we were talking about thin clients and now we are seeing an increase in migrations to the Cloud,” he said.

“However, there are issues with the Cloud, including data protection and security.”

“It reminds me of a Monty Python skit where a building is being held up by trust. It’s only standing up because people are believing it will stand up and Cloud computing is clearly within that frame.”

According to Coroneos, people need to ask if Cloud applications are secure and private and a problem is few client products are applicable in Cloud environments.

“As an industry we need to ensure Cloud services are safe and trustworthy because if it isn’t we are in trouble as a society, not just the IT industry.”

The AIIA has its own iCode initiative for securing online access via ISPs.

“If you turn the clock back 15 years ago ISPs were relying on a tool provided by the ACMA to notify people of an insecure PC,” Coroneos said.

“We codified that and now 90 per cent of local ISPs are participating without any legislation, which is a unique thing around Internet governance. The ISPs see it as a win-win.”

He said it is not in the vendors’ interest to see infected users and good security also lowers the cost of support.

iCode was launched in June went live on December 1 last year.

“Since then we have had enquiries from government and organisations worldwide,” Coroneos said, adding most zombie botnets are not originating in Australia.

TrustDefender co-founder and CEO, Ted Egan, said end-point security and authentication is not enough today as there are more threats emerging around the type of session being initiated by a client.

“We can reach out to a device with an unknown security health,” Egan said.

“One credit union customer has been running end-point security for three years and has already experienced authentication token security.”

TrustDefender conducts it research and development in Sydney Australia. Although the company has yet to get any of the “big four” banks as customers, Egan said it has secured contracts with large financial institutions in Europe.

The AIIA’s Coroneos said consumers need to increasingly adopt a multi-layered approach to security and can’t rely on a single vendor.

“For example, a man-in-the-middle attack can result in a user not knowing if a trojan has used existing authentication to transfer funds from an account,” he said.

Coroneos said as criminals find it more difficult to target tier-1 financial insitutions they will look to smaller, tier-2 companies.

Follow Rodney Gedda on Twitter: @rodneygedda

Follow CIO Australia on Twitter: @CIO_Australia

Join the CSO newsletter!

Error: Please check your email address.

Tags IIATrustDefendersecurityPeter Coroneos

More about Australian Information Industry AssocetworkIIAInternet Industry AssociationTrustDefender

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Rodney Gedda

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place