The revelation this week that U.S. -based outlets of Home Depot may have suffered a stunning data breach — one source thinks data was siphoned from every one of its 2,200 stores — has prompted a lot of hand-wringing.
“J.F. Rice,” a moniker for an IT security manager who’s name and employer are not being revealed, wonders in a post on Computerworld U.S. if the time has come for a major technological leap to keep ahead of attackers because traditional layered defences aren’t enough.
“I’m beginning to believe that in the cutthroat rivalry between attacker and defender, the best technology wins,” he writes. “The only way we can keep one step ahead of today’s hackers is to take two steps forward and advance our defensive capabilities to the point where we can reliably repel, or at least detect, today’s data thieves.”
“The simple fact of the matter is that attackers will always have several vulnerabilities to choose from at any potential victim they want to target,” he argues. “And security managers, even those who are really good at their jobs, will never be able to close every single hole. And it only takes one.”
So he says IT security pros should keep a close eye on leading edge security technologies. The inference is that as soon as they are proven they should be rushed into production.
I’m not sure that’s feasible. Layered security has its advantages. Moreover, as I wrote earlier this week, sometimes it takes a change in attitude towards existing technology, to not merely rely on recommended security policies but implement the toughest there is now.
There is no doubt, though, that a change in IT security strategies is needed.