- V3 Apps
Cyber security best practices are no longer enough to stop attacks, according to HP Security Research director of security intelligence John Pirc.
Pirc said that the time has come for security professionals to get out of their comfort zone. He told the RSA conference 2013 the time has come to use new tools and data to fight the cybercrime battle.
According to Pirc, everyone from small businesses to big firms need to mix up their current definition of cyber security best practices.
"The security best practices we are following are a good guide post but coming from a security expert perspective they are weak," said Pirc at his presentation at this year's RSA conference.
Pirc reports that cyber crime damages cost businesses over $4m every 20 minutes. He said that the damage isn't just done to big named firms, but also to a variety of small businesses.
The HP executive claimed small businesses don't get the headlines of other high profile attacks. However, they are just as much a potential victim as companies similar to Apple and Microsoft.
"When you start looking at how the cyber attackers are winning they are not just going after the infrastructure they are going after the little guys, the small businesses," continued Pirc.
Pirc said that the diverse nature of attacks means a one-size fits all approach to security cannot persist.
"We need to get out of the comfort zone and find the technologies that take us outside of our current thinking," added Pirc.
"The old adage is that the adversary has to get it right just once but we have to get it right 100 percent of the time."
Pirc said companies can no longer wait for someone else to fix their security issues, and that it is up to the business to find a solution to their issues.
"It's a massive problem and if someone says they have a silver bullet they're lying to you," said Pirc.
The HP executive recommended that in-house security professionals begin to try new things, even if they are not experienced with it. Pirc advises that professionals allocate additional funds for their security department to try out future technologies.
"Fight for the dollars that you need. Even if it's for new products your not familiar with in beta, go get it," said Pirc.
Pirc's strong words come following the announcement that HP is creating a division to spearhead its cyber security group. The group aims to add a more holistic option to its cyber security services.