Page 28 - Security Today, February 2018
COVER STORY
WHY DO COMMONLY USED SECURITY MEASURES FAIL
A simple firewall used to be effective; those days have long since disappeared
By Csaba Krasznay
Information security is defined as a reactive activity, as it involves managing risks that may have a serious effect on the organization if they occur. If we analyze the history of information security, the Pareto principle holds true. It states that, for many events, roughly 80 percent of the effects come from 20 percent of the causes. Therefore, departments responsible for information security try to dedicate their limited resources to that 20 percent.
Sometimes this strategy is effective; sometimes it isn’t enough. Over the last few decades, there were occasions when a simple firewall or antivirus software was enough to prevent the vast majority of attacks, but hackers’ tools and tactics have continuously evolved and evaded these basic measures. Additionally, the IT usage patterns of employees and customers have also evolved, resulting in an infinite loop for the risk management process, making constant re-evaluation of threats necessary in order to find the right countermeasures for the identified risk. Unfortunately, the Pareto principle can no longer be used in cybersecurity.
All hardware and software elements, with or without network connectivity, can be the source of an attack, and there are mul-
0218 | NETWORKING SECURITY