Tuesday, September 20, 2011

Defence contractor warns of false cyber security beliefs


Four 'mindsets' that trip up specialists.

BAE Systems Australia's cyber security head has warned against four mindsets preventing security specialists from effectively dealing with cyber threats.

According to the defence contractor's Tim Scully, an overemphasis on all-encompassing defensive measures or on compliance with standards or regulations could be counterproductive.

Scully, who was also the chief executive officer of BAE subsidiary Stratsec, chaired a work group on Cyber Threat and Fortress Mentality at the second national cyber warfare conference in Canberra this week.

Fortress mindset

He described the "fortress mindset" as the traditional approach to security, where specialists aimed to keep all threats outside of their networks.

Defensive measures in a "fortress" approach focused on systems and infrastructure rather than focusing on protecting the organisation's most valuable information.

That approach was as naïve as thinking that everything inside the network was secure, he said.

“If your network is connected to the Internet, and you have something of value to a threat actor, you are likely already compromised," he said.


No comments: