Tradition security defenses are not working against a new breed of cyber attacks, which have increased 6.5 times since 2006. FireEye's Rob Rachwald, senior director of research, said that the new breed of attacks is evading signature-based defenses.
Speaking at the RSA Conference in Singapore yesterday, Rachwald noted that the increasing use of pattern matching also is not effective against new threats.
"A lot of our traditional defenses are not working. It's time to rebalance our security spending." He said over the last ten years spending on IT security has more than doubled to some $30 billion, but the problem is only getting worse.
HP's Dan Lamorena said just 3% of IT budgets are spent on security, and of that 85% is spent trying to block attacks. "A hacker only needs to get through once in 10,000 tries to be effective," which is why it's a poor strategy.
Lamorena, also a speaker yesterday, said taking control of security is mainly a budget issue and most companies aren't nimble in their approach.
He explained that there is an efficient and effective black market for selling data, such as top executive profiles, to potential hackers and attackers. This info is auctioned off to the highest bidder. The next level of attackers then work to gain an access point into firms, then in turn sell that to the highest bidder. The chain can move from mere profile data to secure passwords to financial fraud.