Can you see the threats for what they are?

Time was when a firewall and some anti-virus software were all manufacturing businesses needed to provide online protection. Then hackers got smarter, viruses and worms more sophisticated, and attack vectors cleverer at compromising computer vulnerabilities. Hence the scale of today's IT security market, and the money spent by most of us on maintaining multiple layers of protection and staying updated. But if you thought these kept you safe, better think again. Frank Coggrave, general manager EMEA at forensic computer analysis systems developer Guidance Software, reminds us of recent big-name hacks, ranging from Nasa to Sony. And he suggests that these are just the tip of a looming iceberg, as hackers turn their attention to less obvious and smaller targets in a surprising spread of industries. His point: while some of today's hackers may not be motivated by personal gain, others certainly are. And that includes individuals and teams sponsored by organisations or even countries to do what they do. Given that sophisticated attack kits are widely available for just a few thousand dollars, disrupting businesses or – more sinister, harder to detect and even more difficult to prove – stealing company secrets, can be a very lucrative pastime. For Coggrave, that's where his organisation's latest forensic software comes in. This is not about competing with the frontline layers of protection. Guidance Software's systems are aimed at augmenting these by assisting with risk compliance before the event and (most important) providing automated electronic discovery after it – including finding which data, where, when and who or what has been implicated. This matters – and in more ways than one. When electronic secrets are at stake, he argues, it's not only about providing cast iron evidence upon which to build legal cases and recover damages for online fraud. It's also about quickly enabling targeted action to minimise the damage, whether that's in terms of compromised engineering designs, BoMs, sources, pricing structures, customers, contracts or indeed reputation. As Coggrave puts it: "All companies need to get appropriate mitigation and response processes in place. But they depend on knowing what has gone, to whom and when it happened as quickly as possible." And if you believe your firewall alerts should be helping, well, yes – except there are hundreds of them. What would you give for security software capable of detecting which, if any, of those posed a real and present threat?