Trends in Security

1 2 Page 2
Page 2 of 2

So do CISOs in India need to start worrying? Depends on how they profile risk in their organizations. Organizations that have strategic, national, or military significance have a higher threat profile, says Godbole. Also, known names or brands in the commercial world or those that hold information that can be exploited may be equally at threat. It's very important to determine whether your organization falls in these buckets.

Currently only 35 percent of organizations in India have a strategy to combat APT, according to GISS. Over 85 percent of these rely on traditional intrusion detection or intrusion prevention systems to counter APT.

But while basic security practices such as patch management, vulnerability assessment and configuration management will ensure APT entry points are secured; this new threat will need more sophisticated protection like deep packet inspection, network forensics, and robust net flow analysis tools. In the next year, 64 percent of Indian organizations say that APT will drive security spending, which is lower than the Asian average of 70 percent.

Organizations that are high on a criminal's radar would need to hire or train expert malware analysts capable of analyzing data to identify the activities of malware and bots to identify APT, says Godbole.

The more visibility and context you have around the status of your security environment, the more prepared you will be to respond to threats when they strike. Because it's not a matter of if you are going to be attacked, the question is when, and how quickly will you be able to respond when it happens.

Copyright © 2012 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
21 best free security tools to make your job easier