"time to admit that the current whack-a-mole model of enterprise security is broken"
More data records have been breached in the first six months of 2017 than the whole of 2016. The Gemalto Breach Level Index reports that this amounts to an astonishing 121 records lost or stolen every second of every day. Only the US fares worse than the UK when it comes to the number of reported data breach incidents. Just what is going so wrong?

It should come as no great surprise that 2017 has been a bad year for data breaches, given that both WannaCry and Petya got things off to such a devastating start. However, the Gemalto Breach Level Index reveals that, with 1.9 billion records either lost or stolen, the first six months have been even worse than expected. How much worse? Well, that's more than the 1.37 records that Gemalto reported breached for the whole of 2016. 28,331,861 data records were compromised in the UK alone; half of these incidents involved a malicious outsider and 38 percent accidental loss.

To put that into some statistical perspective, in just six months this year there were 918 reported data breaches worldwide according to Gemalto, up from 815 across the last six months of 2016; a 13 percent rise. 

Andrew Martin, CEO and co-founder of DynaRisk, points out "while the number of data breaches is undoubtedly increasing, reports also need to take into account that more breaches are being exposed, not least because larger enterprises are investing in bigger and better security teams."

However, the fact that 22 of those breaches saw in excess of a million records compromised, stolen or lost is bad enough, but the numbers could have been much worse: 52 percent of the total reported breaches couldn't (or wouldn't) tell how many records were compromised. The impact of GDPR, and the new UK Data Protection Bill, will mean that disclosed breach numbers are likely to reach new heights from next year.

SC Media asked the industry what these figures really mean in terms of both the evolving threatscape and the state of enterprise security defence right now.

Damir Rajnovic, Board Member of the Forum of Incident Response and Security Teams (FIRST), told us that there are several possible reasons why so many records were compromised in 2017 in comparison to 2016, including breaches from last year not being reported until this year. "I do not believe that organisations are actually getting worse in fending off attacks," Rajnovic says, "they are simply slower in advancing their protection relative to development of offensive capabilities of miscreants."

Stephen Deutsch, senior advisory consultant at Context, counters with "the threat landscape is definitely getting more capable and sophisticated, while both public and private sector security defences are not evolving at the same pace." Oz Alashe MBE, CEO at CybSafe, agrees that the Gemalto figures suggest that "cyber-criminals are winning the ongoing cat-and-mouse game with information security."

This is a line of thought that was commonplace amongst the security professionals SC Media spoke with. "This research clearly shows that the bad guys have upped their game," Fraser Kyne, EMEA CTO with Bromium, said, "and they are certainly winning the cyber-war at present." Kyne also insisted that it's "time to admit that the current whack-a-mole model of enterprise security is broken."

Kirill Kasavchenko, principal security technologist, EMEA at Arbor Networks agrees and argues that "it's time for a proactive approach, and people and process is key to this. Organisations shouldn't just rely on automated tools and preventative measures" Kasavchenko says "but also active threat hunting and indicator of compromise investigation."

With survey after survey revealing the adversary's approach to have morphed so significantly that the tactics, techniques and procedures (TTPs) in place are simply not congruent with traditional indicators of compromise, Josh Mayfield, a platform specialist with Immediate Insight at FireMon, warns "addressing these evolving TTPs requires new skills and/or technologies to pinpoint the tactics when they occur."